Microsoft has rolled out new guidelines that require users to use multiple forms of authentication in order to access some of its most common cloud apps.
Business today is increasingly mobile. That means employers and other users are using software apps that access information remotely instead of via a wired desktop computer.
Mobile access has many advantages, allowing employees to connect to information and each other while working remotely, on a business call or on vacation. It also means more devices — smartphones, tablets and laptops — using various wireless networks.
All those devices, all those networks, and all those users create one massive cybersecurity headache for your company.
That’s one of the main reasons why Microsoft has tightened up its security requirements for its popular Microsoft Office 365 and Microsoft 365 products. No longer will multifactor authentication (MFA) be optional.
Michael Nelson of TLC Tech, a Microsoft partner in Sacramento, shares insights into Microsoft’s authentication changes.
What Is Microsoft Changing About Authentication?
In January 2020, Microsoft introduced a new feature called Security Defaults. For organizations that use the commonly used Azure Active Directory to manage user access, users will be required to use MFA to access Microsoft applications.
“The goal is to ensure that all organizations have a basic level of security enabled at no extra cost,” Microsoft notes.
Previously, some users had the option of choosing MFA as part of their security protocols. With the changes, that option will gradually be eliminated.
What Is Multifactor Authentication?
Entering a username and password is a prime example of single-factor authentication. It’s a way for a user to enter a known (to them) piece of information (known as a credential in cybersecurity parlance). If the password matches what’s on file for the user, said user is allowed access to the resource, whether it be a website, an application, a file location or a protected document.
The problem is that with so many users accessing information from remote locations, the chances of a device or password landing in the wrong hands increase dramatically. Multifactor authentication is designed to prevent those issues from occurring.
Typically, two-factor authentication (a subset of MFA) is used. One factor can be something that is known to the user, such as a password. A second factor is added to the mix to make it more challenging to steal access. One category is something they don’t know. This could take the form of a unique, expirable access code that is texted to a smartphone. Another category is something they are. Examples of these authentication factors include biometric information such as an iris scan or fingerprint.
Using some combination of credentials that includes something they know, something they don’t know and something they are adds layers of deterrence that make it more challenging to authenticate. While MFA can be frustratingly cumbersome for users, the additional security is worth it.
How Will Microsoft MFA Affect Users?
Office 365 and Microsoft 365 users will be asked to provide at least two ways to verify their accounts (in addition to a password). One option is to have a text message sent to a mobile device. Another choice? Use one of several authenticator apps available for download.
After a user registers the new authentication techniques, they will experience the apps differently on their next login. In addition to entering their password, they will be sent a prompt asking for verification using the second authentication method, such as acting on an approval text sent to a mobile device.
Security Defaults are either on or off for all users within an organization. There is no way to make individual exceptions. However, Microsoft does have a feature called Conditional Access that allows organizations to set their security policies.
When Do the Microsoft MFA Requirements Go Into Effect?
The new MFA guidelines will be implemented gradually, starting with new customers first. Eventually, all new customers will be required to use MFA procedures. Microsoft will also begin transitioning existing customers, but as of mid-February 2020 has not announced a timeline.
Microsoft is in an excellent position to help customers protect themselves and their users from unwanted cyberattacks. Multifactor authentication is one powerful way to minimize the threat of compromised credentials.