all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

O365 on a Pentesting device? Am I right to think that this is horrible practice?

Add to bookmarks
Sept. 14, 2023, 9:09 a.m. | /u/MrExpendable_

cybersecurity www.reddit.com

Hello,

Working at my company as a security engineer. I recently discovered that our pentesting team is deploying O365 to their pentesting laptops. These are normally segregated from our standard environment, but because they have registered in O365 they become visible in our Azure Defender for Endpoint tenant.

This seems like a dangerous practice to me. We did put in place MFA and Conditional Access policies for the accounts which have the licenses assigned to them. But I can't help …

azure cybersecurity defender device engineer environment hello laptops o365 pentesting practice security security engineer standard team visible working

Visit resource

More from www.reddit.com / cybersecurity

CVE question 7 hours ago | www.reddit.com
api cve cybersecurity dashboard +10
how hard do you think is it to get into penetration testing nowadays 11 hours ago | www.reddit.com
cybersecurity hard penetration penetration testing +1
Building an SOC From Scratch: The Importance of Documentation and Network Segmentation 12 hours ago | www.reddit.com
analyst antivirus bank building +23
The Risks of Scattered Logs and Why Centralised SIEM Is Better for Security 14 hours ago | www.reddit.com
companies cybersecurity event event management +21
How-To Install and Setup: Azure Arc, (AMA) Azure Monitor Agent and (DCR) Data Collection Rules … 17 hours ago | www.reddit.com
agent ama arc article +28
Iranian hackers pose as journalists to push backdoor malware 17 hours ago | www.reddit.com
backdoor cybersecurity hackers iranian +3
What after TPRM? 18 hours ago | www.reddit.com
action amp certified cisa +14
How deep into certifications should you go at “entry level?” 19 hours ago | www.reddit.com
administration certifications cybersecurity entry +10
Is SOC 2 Report Sufficient for Vendor Risk Management? 1 day, 2 hours ago | www.reddit.com
application cybersecurity deployment friends +18

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Enterprise Security Architect

@ Proofpoint | Utah
View on infosec-jobs.com

Senior Incident Response and Digital Forensics Engineer

@ Danske Bank | Vilnius, Lithuania
View on infosec-jobs.com

SOC Analyst (Remote)

@ Bertelsmann | New York City, US, 10019
View on infosec-jobs.com

Risk Consulting - Protect Tech - Staff - IT Compliance - ISO-NIST-FISMA-PCI DSS and Privacy

@ EY | Bengaluru, KA, IN, 560016
View on infosec-jobs.com

Security Officer Warrenpoint Harbour

@ TSS | Newry, County Down, United Kingdom
View on infosec-jobs.com

Senior DevSecOps Engineer

@ Scientific Systems Company, Inc. | Burlington, Massachusetts, United States
View on infosec-jobs.com
View more jobs