Office 365 Security Defaults
It’s time for Multi-Factor Authentication
Following our Insight post stating that 99.9% of organisation account compromises could be stopped simply by using MFA, we are encouraging customers to take another step forward in securing their cloud-hosted environment.
Our friends in the Identity Security & Protection team at Microsoft have been trying to find new ways to protect us for years. This applies both at a Consumer level, with Skype & Xbox, and at an Organisational level, with Azure Active Directory.
Recently they have provided Baseline Policies in “preview” within Azure AD for MFA (Multi-Factor Authentication). This also included automatic disabling of Legacy Authentication, which completely stops password spray attacks and reduces overall compromise risk by 67%. The next step for Microsoft is taking these policies out of “preview” and pushing them forward as a standard called Security Defaults.
Security Defaults will automatically enable these baseline policies for all of your Users:
- All Users and Admins to register for MFA
- Challenge Users with MFA, mainly when they show up on a new device or app, or always when they attempt critical tasks
- Disabling authentication from legacy apps, the ones that can’t do MFA
Sadly, the adoption of the technology has been less successful than Microsoft would like, so Microsoft will start enabling some of these things by default on new tenancies. Legacy authentication for Exchange Online is due to be removed in October 2020 (so say goodbye to Outlook 2013 if you haven’t already).
We often come across customers who have no idea that any of these tools are included for FREE with their Office 365 subscriptions! Why would they? They aren’t IT experts.
Here at Core Team One, we help our customers understand their IT posture and the level of security they have. This helps them take steps to improve their security standards and minimise their attack surface. What is your IT company doing for you?
Call Core Team One for free impartial and insightful advice.