How to Secure Microsoft Office 365
Author: Robert Moore | Systems Engineer
Microsoft Office 365 does an amazing job with out-of-the-box deployment for their entire stack. Everything from Email to SharePoint to Teams. However, out-of-the-box still requires care to ensure deployments are successful and safe. While click to deploy is great, and for most companies make
s choosing Microsoft a no-brainer, security is something that should be considered.
The ability to use a single logon for Email, Azure-Based Cloud Services, Teams, SharePoint, etc., is a huge benefit for staying within the Microsoft Stack. At the same time, weak passwords, poor security practices, and lack of user training can turn the efficiency of Microsoft into a security nightmare.
One way to dramatically improve security within Microsoft is to use either Microsoft Native MFA (Multi-Factor Authentication) or Federate Microsoft, or choose another provider such as OKTA. By utilizing these technologies, businesses can greatly increase their security by creating a secondary method of authentication. This will drastically lower the risks associated with phishing, spearhead, and password spray attacks.
What is OKTA?
OKTA provides SSO and authentication for over 55,000 applications. The federation setup with Microsoft is easily accomplished with a Provisioning Setup Wizard. Rules can also be created for each environment. An IT Engineer can create rules that require MFA for every session or at specific intervals (daily, weekly, monthly, or only once). This requires users to re-authenticate with MFA on a set interval, thereby increasing security. Rules can also be created to trust specific zones, allowing IT Engineers to trust all devices on their network, or on remote networks. This option is usually done to create a more seamless authentication process for users but can come at its own risk if an attack vector originates from a trusted zone.
How does multi-factor authentication work?
While MFA mandates some user training, the end result is a much harder security shell to protect sensitive user and business data. One use case for MFA is a user falling for credential harvesting phishing or spearhead attacks. Actors these days are crafting very real and specific phishing campaigns. Many times, users trust these emails and fake logon pages because they are crafted so well.
One common scenario could be a victim receiving a well-crafted email to follow a link to a very realistic Microsoft Logon Page. The email came from a supplier that the victim is familiar with (only the supplier’s account has also been compromised). Here, the victim would enter their Microsoft Office 365 (Corporate Login) into the page to be taken to an error page or something not too obvious. Once the victim has done this, their account is compromised for the actor to do as they please. They may export all the victim’s emails, SharePoint, or Teams Meta Data. The actor will also use this access to send emails on behalf of the victim to further their access by phishing other users.
This scenario plays out more often than not. Had this company been using MFA of some sort, even if a victim still falls for the phishing attack, the actor will not be able to access the victim’s information without the victim’s mobile phone to accept the SMS or push notification. In this case, the victim will be able to notify the IT engineers of a random push notification or SMS allowing the engineers to investigate and reset the victim’s password.
This example and many others are why securing an organization’s Microsoft Office 365 service with MFA is a basic and effective security protocol that I highly recommend implementing for your organization – Because while there are technologies and security solutions available in the market today for nearly everything, we must always try and stay one step ahead of these bad actors. This is absolutely time well spent!
Let Us Help You Customize the Optimal Security Solution
At BullsEye, our list of services goes on and on. We can help you identify the ones you need and the ones you don’t. Our clients depend on us to always deliver quality connections and superior customer service. We’ll work hand-in-hand with you to provide the insight and support you need to optimize your investment.