Microsoft Defender now directly warns IT admins about nation-state attacks

Steve Dent
·Associate Editor

Microsoft will soon warn Office 365 admins more directly about possible nation-state hacking activity, according to an update on its roadmap seen by ZDNet. Rather than just receiving an email as before, IT administrators will get notifications directly from the dashboard of Microsoft Defender for Office 365, the cloud-based security app for Office 365 users.

Nation-state hacking is generally sponsored by governments with the aim of furthering national interests, and such attacks “represent some of the most advanced and persistent threat activity that Microsoft tracks,” the company wrote in the roadmap update. Microsoft has been tracking those threats for some time now, informing users by email that they’ve been targeted and what to do about it. It warned 10,000 customers about such attacks in 2019.

However, overburdened admins might miss an email or not see it soon enough to take action. By placing the notifications directly in the Defender dashboard, IT employees might be able to secure systems and take action more quickly. Microsoft’s Threat Intelligence Center also “follows these threats, builds comprehensive profiles of the activity, and works closely with all Microsoft security teams to implement detections and mitigations to protect our customers,” according to the update.

Microsoft has been a key player in sniffing out (and being a victim of) hacking operations. Recently, it discovered that North Korean-backed hackers may have attacked researchers via certain Office 365 apps along with Google’s Chrome. At the same time, Microsoft’s systems were recently penetrated during the SolarWinds attack, with attackers gaining access to source code.