Achieving Maximum Security in Microsoft 365

By on Nov 30, 2022 in Managed IT Services

Microsoft 365 is the world’s most popular productivity suite, used by over 40% of the country’s small and midsized businesses. The latest version of Microsoft Office builds on decades of leadership in business productivity, updating familiar applications like Word, Excel, PowerPoint, and Outlook for the cloud computing era.

However, Microsoft 365 can make achieving lasting cybersecurity confidence hard. Like any complex cloud platform, Microsoft 365 adjusts to the changing threat landscape, and the company will roll out new security features that all businesses in Ohio should be aware of.

Microsoft Implements Modern Authentication

One of the most important changes coming for Microsoft 365 users is the removal of basic authentication for many commonly used services, like POP, IMAP, PowerShell and others. Soon all systems will need to transition to what’s known as “modern authentication,” which uses a more secure method for verifying each user’s identity.

Microsoft is taking this significant step because basic authentication has been continuously targeted by hackers to access sensitive data. Basic authentication sends a user’s name and password, unencrypted and in plain text, with every access request. This leaves that information open to interception.

With the number of password-based attacks soaring to one every 921 seconds, basic authentication no longer meets the basic security needs of the modern, digital business. The weakness inherent in basic authentication means that skilled hackers can even bypass the multi-factor authentication (MFA) systems, undermining one of the most important security controls in the SMB cybersecurity toolkit.

This migration is mandatory. Microsoft announced that by January 2023 basic authentication will be removed for all protocols, meaning that all businesses should start planning to deal with this new reality.

Modern Authentication May Lead to Network Problems
Businesses should be aware that disabling basic authentication could have a significant impact on their systems. For example, companies using Exchange ActiveSync (EAS) to connect their company email to their mobile phones will likely experience problems with modern authentication. The scan-to-email function in many business printers is another common example of what may be affected, among many others.

Proactively Managing Your Modern Authentication Upgrade
To ensure your network remains stable during the upgrade, use Microsoft 365 sign-in logs to determine which services and users are using these legacy methods, then migrate them to supported methods. We recommend companies coordinate with their IT staff (or IT support firm) on which APIs are dependent on M365 and how best to migrate those services to modern authentication.

With this upgrade no longer optional, the only way a business can ensure that these upgrades don’t harm its network is to be proactive.

Start by having your IT team reach out to your technology vendors and determine which of their services or APIs support modern authentication and which don’t. Once you’ve completed a thorough audit of your applications and services, you can proactively either upgrade or replace whichever ones don’t meet the new modern authentication standards.
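
The sign-in log review described above can be scripted. The following is an added example, not code from the original article or from Microsoft: it reads a sign-in log JSON export and lists each user and legacy protocol pair with success and failure counts. The field names follow the Microsoft Graph signIn resource; the sample records, the example.com accounts, and the list of legacy client names are assumptions to check against your own tenant.

```python
import json
from collections import defaultdict

# Assumption: clientAppUsed values reported for legacy (basic) authentication.
# Compare against the values that appear in your own tenant's export.
LEGACY_CLIENT_APPS = {s.lower() for s in (
    "Authenticated SMTP", "Autodiscover", "Exchange ActiveSync",
    "Exchange Online PowerShell", "Exchange Web Services", "IMAP4",
    "MAPI Over HTTP", "Offline Address Book", "POP3",
    "Outlook Anywhere (RPC over HTTP)", "Reporting Web Services", "Other clients",
)}

def _rec(ts, upn, client, code=0):
    """Build one constructed sign-in record (errorCode 0 means success)."""
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "clientAppUsed": client, "status": {"errorCode": code}}

# Constructed sample shaped like a sign-in log JSON export (not real data).
SAMPLE_EXPORT = json.dumps([
    _rec("2022-11-01T08:02:11Z", "scanner@example.com", "Authenticated SMTP"),
    _rec("2022-11-02T08:01:57Z", "scanner@example.com", "Authenticated SMTP"),
    _rec("2022-11-02T09:15:40Z", "J.Doe@example.com", "Exchange ActiveSync"),
    _rec("2022-11-02T09:20:03Z", "j.doe@example.com", "Browser"),
    _rec("2022-11-03T02:44:09Z", "a.lee@example.com", "IMAP4", 50126),
    _rec("2022-11-03T02:44:12Z", "a.lee@example.com", "IMAP4", 50126),
    _rec("2022-11-03T07:30:00Z", "a.lee@example.com", "Mobile Apps and Desktop clients"),
])

def legacy_auth_inventory(export_json):
    """Group legacy-auth sign-ins by (user, protocol) with counts and last-seen time."""
    rows = defaultdict(lambda: {"success": 0, "failure": 0, "last_seen": ""})
    for rec in json.loads(export_json):
        client = (rec.get("clientAppUsed") or "").strip()
        if client.lower() not in LEGACY_CLIENT_APPS:
            continue  # modern-auth clients are not part of the migration list
        user = (rec.get("userPrincipalName") or "unknown").lower()
        row = rows[(user, client)]
        ok = (rec.get("status") or {}).get("errorCode") == 0
        row["success" if ok else "failure"] += 1
        # ISO 8601 UTC timestamps in one format sort correctly as strings.
        row["last_seen"] = max(row["last_seen"], rec.get("createdDateTime") or "")
    # Successful use first: these are working dependencies that will stop working.
    return sorted(rows.items(), key=lambda kv: (-kv[1]["success"], kv[0]))

if __name__ == "__main__":
    for (user, client), stats in legacy_auth_inventory(SAMPLE_EXPORT):
        print(f"{user:25} {client:22} ok={stats['success']} "
              f"fail={stats['failure']} last={stats['last_seen']}")
```

Rows with successful sign-ins are the devices and services to migrate first; rows that show only failures on a legacy protocol deserve a separate look before they are treated as a dependency.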

If this sounds confusing, the Astute Technology team would be happy to help with the migration process.

Securing Bring Your Own Device (BYOD) Devices in Microsoft 365

Many businesses in Ohio allow employees to use their personal devices for work functions. There are some clear benefits to this approach, including the fact that it’s more convenient for employees to use their own devices and it’s less expensive for the business than buying each person a company device.

This arrangement, called bring your own device (BYOD), also has some serious downsides, particularly how you manage the data in Microsoft 365.

In worst-case scenarios, businesses have no visibility or control over the devices they’re allowing to connect to company resources. That means company data could be sitting unsecured on personal devices, where it could easily be lost or stolen by hackers.

In other, more common situations, businesses will have deployed some basic mobile device management (MDM) solution to help keep devices updated and build a rudimentary barrier between company and personal data.

Improving Data Security with Conditional Access
While mobile device management can make a significant difference in the security of employee-owned phones, it’s an intrusive option that requires a business to install software on each employee’s personal phone.

Microsoft 365 allows businesses to keep information on BYOD devices secure, without having to implement an MDM solution. This system is called “conditional access.”

Conditional access is a set of controls within Microsoft Azure Active Directory that protects sensitive content by requiring users to meet set criteria before they’re granted access to it. The conditional access system is very flexible, allowing you to create and automate granular security controls that govern users, devices, their locations, and more.

The benefits of using conditional access to secure your mobile devices include:

  • Better integrate user authentication “factors” like password, facial recognition, voice recognition, and others into your overall security plan.
  • Automate the process of monitoring and adjusting protections when the system notices an irregularity, like an access attempt from an unrecognized location.
  • Better enforce security standards so unverified users are completely denied access to your sensitive information.
  • Protect your network against stolen security credentials, like usernames and passwords.
  • Reduce risk and improve compliance by allowing your staff to audit applications and access and reducing the need for third-party solutions.

The process of implementing conditional access is like the roll-out of other security controls. You should start by auditing your technology to locate all the valuable data assets in your organization’s systems. Then, define appropriate levels of protection for each of those systems and document those controls so they can be adjusted as your systems evolve.

Note: to configure conditional access your business will need an Azure Premium license, which could mean upgrading your license.

Get Help Securing Your Microsoft 365 Deployment

The technical issues related to conditional access can be a bit daunting, which is why most businesses without a well-staffed IT department will want to work with an outside team to get it right. If you need a partner to help provide insight and guidance for your next Microsoft 365 project, contact our helpful team in Cincinnati, Columbus, or Cleveland. We’re also available any time at [email protected] or 614 389 4102.