Stop Microsoft 365 Account Takeover in MN, ND & SD: Barracuda + Diversified Technologies
Microsoft 365 Account Takeover in MN, ND & SD: Here’s How We Shut It Down
If you do business in Minnesota, North Dakota, or South Dakota—whether you’re in ag, manufacturing, healthcare, construction, finance, or public sector—there’s a good chance your Microsoft 365 mailboxes are getting probed every day. BEC (business email compromise) and account takeover are still the biggest money‑makers for criminals: the FBI logged ~$2.8B in BEC losses in 2024 alone, across 21,000+ complaints.
Microsoft’s own telemetry shows the scale here: ~5 billion emails screened daily and ~38 million identity risk detections on an average day—proof the attackers are relentless and the volume up here in the Upper Midwest is not an exception.
At Diversified Technologies, we pair Microsoft 365 best practices with Barracuda Email Protection to block the phish, detect account takeover fast, and clean up the mess automatically if something slips through.
The new tricks (and why MFA alone isn’t enough)
Adversary‑in‑the‑middle (AiTM) phishing. You think you’re doing a normal Microsoft sign‑in—even complete MFA—but a proxy steals your session and logs the attacker in as you. Microsoft has highlighted the rise of AiTM across M365 tenants.
OAuth redirection abuse. Attackers craft links that start on a legit Microsoft Entra ID URL, then purposely trigger an OAuth error to redirect you to their malware/phish page. It looks trustworthy at first glance—which is the point.
We’ve also seen major takedowns of commodity phishing kits (e.g., RaccoonO365), which shows how “phishing‑as‑a‑service” has industrialized.
Your Microsoft 365 “do‑this‑now” checklist (quick wins for MN/ND/SD teams)
1) Turn on Microsoft Defender for Office 365 anti‑phishing and presets
Use Standard/Strict presets, then add impersonation protection for execs, AP/AR, and anyone who moves money. It catches spoofing and BEC way better than basic filtering.
2) Move users to phishing‑resistant MFA
SMS codes and push approvals are easy to social‑engineer. Shift to FIDO2/passkeys (YubiKey, Windows Hello, platform authenticators). That’s the “gold standard” from CISA and Microsoft.]
3) Lock down access with a Conditional Access baseline
Require MFA, block legacy auth, enforce device compliance, and protect admin portals. You can start from a vetted baseline and tune it for your mix of remote sites and plant floors.
4) Track progress with Secure Score
It’s your built‑in scoreboard for identity, device, and email protections. Use it to prioritize the next few steps and show leadership the progress.
Where Barracuda makes a huge difference for Upper Midwest orgs
Even with Defender tuned, some phish get through—QR scams, brand‑new domains, thread hijacks, or an internal account that’s already compromised. Barracuda gives you the “catch and clean” layer we love deploying across MN/ND/SD tenants:
- Account Takeover Protection
Spots weird logins, inbox‑rule tampering, and unusual internal messages; flags which emails a compromised user already sent and locks the attacker out. Great for finance/AP mailboxes and shared mailboxes used in operations. - Automated Incident Response
Find every copy of a bad email across the company (Minneapolis HQ and the shop in Sioux Falls), yank it from mailboxes, ping affected users, and keep watching for 72 hours for late arrivals. - AI‑driven BEC/Impersonation detection
Learns how your people in Fargo–Moorhead or the Twin Cities communicate, then blocks out‑of‑pattern requests before users click. - Cloud‑to‑Cloud Backup for Microsoft 365 & Entra ID
Granular restores for Exchange, SharePoint, OneDrive, Teams, plus Entra ID objects—critical after ransomware or malicious deletion.
Our local rollout plan (built for teams from Minneapolis to Bismarck to Sioux Falls)
Week 1 – Quick hardening
Preset Defender policies (Strict for high‑risk roles), enable Mailbox Intelligence, enforce phishing‑resistant MFA, block basic auth, and apply a Conditional Access baseline.
Week 2 – Barracuda API deploy
No MX changes—just API attach for inbox defense. Turn on Account Takeover Protection and Incident Response.
Weeks 3–4 – Simulations & training
Run Barracuda’s Email Threat Scanner and targeted simulations for finance, field crews, and front‑desk staff; convert findings into short, role‑based training.
Weeks 4–5 – Resilience
Switch on Cloud‑to‑Cloud Backup for Microsoft 365 + Entra ID, test restores, and document recovery SLAs.
Ongoing – Measure & iterate
Review Secure Score and Barracuda reports monthly; expand passkeys and close any Conditional Access exceptions.
Red flags we see across MN/ND/SD when an account’s been owned
- Impossible travel or unfamiliar sign‑ins (e.g., 3 a.m. from a new geography).
- New inbox rules that auto‑forward invoices or auto‑delete replies.
- Vendor payment changes “effective immediately” from an internal account.
- Reply‑chain hijacks and QR codes leading to fake login pages.
TL;DR for leaders in Minneapolis, Fargo, and Sioux Falls
- BEC remains multi‑billion‑dollar crime; our region is targeted just like everyone else.
- MFA is necessary but not sufficient—move to phishing‑resistant methods.
- Add Barracuda for post‑delivery detection and rapid clean‑up across all your locations.
Ready to lock down your Microsoft 365?
Diversified Technologies secures organizations across Minnesota, North Dakota, and South Dakota with Microsoft 365 hardening, Barracuda deployment, phishing‑resistant MFA, and 24×7 incident response.
Book a 30‑minute Upper Midwest security assessment
www.dteck.com/contact