The National Cyber Awareness System, part of the US Cybersecurity and Infrastructure Security Agency, recently released an alert about Microsoft Office 365 with guidance and security recommendations for Microsofts cloud service. The recommendations include adding multi-factor authentication (MFA) to both administrator and user accounts. You can whitelist the static IPs of your offices so when users remote into the office, they will not be prompted for MFA. The minute you roll out Office 365 mailboxes, attackers start to use brute force attacks on the mailboxes using harvested passwords.”]