
Microsoft Intune hardening pushed by feds after Stryker hack


Organizations across the U.S. have been urged by the FBI and the Cybersecurity and Infrastructure Security Agency to fortify the cybersecurity protections of their Microsoft Intune instances after Iran-linked Handala hacktivists compromised Michigan-based medical device firm Stryker through its Microsoft network, according to The Record, a news site by cybersecurity firm Recorded Future.

Implementing Microsoft's recently issued best practices for hardening endpoint management system configurations is necessary in the wake of the Stryker hack, which led to the wiping of more than 200,000 devices, the FBI and CISA said in a joint advisory. Aside from adopting role-based access controls that assign the minimum permissions needed for daily operations, organizations should ensure multi-factor authentication and Microsoft Entra ID are in place across all accounts to prevent unauthorized privileged actions within Intune.

"Set up policies that require a second administrative account's approval to allow changes to sensitive or high-impact actions (such as device wiping)," said CISA, which also offered links to other Microsoft guides for bolstering Intune defenses.
