Protect Your Resources with Azure

Published October 6 2021

In our last blog post, we discussed three strategic factors to consider in order to reduce risk for your security program: building resilience into your cybersecurity strategy, strategically increasing attacker cost, and tactically containing attacker access. In this post, we will explore software you may already have in place and how it can play a part in your overall cybersecurity strategic plan.

It's All About Security Framework

By now, most of us are familiar with passwords and their use in both our personal and business lives. We have passwords to unlock our phones, for personal email addresses, our online bank accounts, our social media accounts, etc. We also most likely have encountered some advice on basic password security. Most of us understand that passwords are only as secure as we keep them. We’ve been told before we should not use obvious passwords like “password123”, we should use a combination of lowercase and uppercase letters, numbers and special symbols, we shouldn’t write them down, and we should use different passwords for different sites.

Some of us have become more aware of phishing schemes, especially through “quizzes” on social media that attempt to gain not only our passwords but also the answers to our security questions. As much fun as it may be to learn about our friends’ high school mascots, favorite teachers’ names, or the first phone number a person had as a kid, the answers to these questions are oftentimes also the answers to our security questions on various websites. Scammers use these answers to reset the true account holder’s passwords and thereby gain access to the accounts.

Many businesses are already using Microsoft Office 365 as part of their everyday operations. Most of us use Outlook for business email, whether through the web-based version or the locally installed client. We use Teams to communicate with co-workers every day and SharePoint Online to manage documents. Sales teams use Dynamics 365 as they create opportunities and follow through, turning prospects into customers. All these tools have one thing in common: the same security provider, the same authentication mechanism, called Office 365.

Azure Active Directory (Azure AD), often referred to as Office 365, Microsoft 365 or Microsoft Tenant, is an ecosystem of security and cybersecurity tools that is responsible for safe authentication and validation. All applications within Microsoft 365 use Azure AD as their authentication provider. It is a cloud-based identity and access management service that helps users authenticate and gain access to external resources, such as Microsoft 365, Azure portals and other SaaS applications, as well as internal resources, such as applications on your corporate network and applications deployed in the cloud. You can think of it as a security and authentication umbrella under which all cloud-based applications sit. By securing Azure AD, you are essentially securing every application underneath that umbrella.

Multi-Factor Authentication

The password that kept you safe in the past won’t keep you safe anymore. Passwords are often a major weak point in any cybersecurity plan, particularly when it comes to email. Passwords are accountable for 80 percent of hacking-related breaches. Multi-factor authentication (MFA) requires two or more factors of verification, and by using it you can significantly decrease the likelihood of attacks being successful.

The Azure Active Directory (Azure AD) enterprise identity service provides single sign-on and multi-factor authentication to help protect your users from 99.9 percent of cybersecurity attacks. But what is multi-factor authentication? In the simplest of terms, it combines something you know (a password or other verification code) with something you have (a trusted device that is not easily duplicated, like a phone or security key). More sophisticated versions of MFA may also include something you are, such as biometrics: fingerprints or facial recognition.

MFA allows you to validate your identity through an external means, such as your cell phone, email or a similar validation mechanism. That means that even if hackers somehow steal your password, they still won't be able to authenticate, because an additional device is required to validate your identity.

Azure AD Multi-Factor Authentication can also further secure password reset. When users register themselves for Azure AD Multi-Factor Authentication, they can also register for self-service password reset in one step. Administrators can choose forms of secondary authentication and configure challenges for MFA based on configuration decisions.

Apps and services don't need changes to use Azure AD Multi-Factor Authentication. The verification prompts are part of the Azure AD sign-in event, which automatically requests and processes the MFA challenge when required.

Available Verification Methods

Azure AD administrators and users have the ability to pick an additional verification method. Many methods are available; some of the most commonly used are a smartphone authentication app, SMS and voice calls. When users sign in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification.
