Clients wants to force MFA every time Outlook opens...

[thecomputerguy]

@thecomputerguy Then it sounds like you're well underway to sorting out the problem. But you do have the unenviable game of calming the owner.

She understood and she gets it. I get where she's coming from too. For all I know it was the previous tech's RMM that was compromised, so getting remote access to her system is terrifying for her. She's got a small team of accountants working for her and I've come across a few names of clients she works with and she does accounting for some national/international bigwigs. Not that it makes a difference but there's quite a sum of money involved.

 

[Sky-Knight]

@thecomputerguy Then she should be ready to pay for regular audits, you'll want to get a specialist service do to that.

If you want to do some yourself... try this: https://public.cyber.mil/stigs/scap/

Want to bring your machines up to basic US Milspec? There's the tool!

But yes, if M365 was MFA'd the odds of it being breached are minimal. It's vastly more likely the previous MSP's tools were breached, that's happening ALL OVER the place. Why crack a single user when you can get into an RMM and get multiple companies at once? She's lucky it was just some remote access and not a full on network wide crypto.

But again, I'd still be nuking all machines that had that RMM on it, just to be certain there are no further time bombs.