Office 365
Office 365
Useful guide to monitoring O365 infrastructure
https://medium.com/falconforce/reducing-your-office-365-attack-surface-99830a654d0
CISA's guide to "Detecting Post-Compromise Threat Activity in Microsoft Cloud Environments"
https://us-cert.cisa.gov/ncas/alerts/aa21-008a
A handy guide to the hideous mess that is O365 logging
Detecting the Golden SAML attack
https://www.inversecos.com/2021/09/backdooring-office-365-and-active.html