I’m shamelessly reposting this article from Jeff’s blog just because it’s such a good article. See this blog post for detailed instructions for adding ABSOLUTELY CRUCIAL MFA to your environment of you are a Cloud Solution Provider managing customer environments. (I’m sure Jeff won’t mind as I am linking directly back to his blog 🙂
Our marketing department asked me to do an interview on Securing the Modern Workplace and I’ve actually been planning to do a short training and awareness session inside the company on securing cloud resources. I thus decided to take a (temporary) break from my series on WordPress on Azure PaaS and use this blog to prepare for the interview and the training session. As I was writing this article I realised I cannot really do the topic justice in one, short article. Today I will thus spend some time sketching the background and explaining the various solutions at high level and in 5 separate future articles (when I get the time) I will do a further deep-dive into each of the individual solution areas for those wanting more details.
Today we look at how you can secure the Modern Workplace using Microsoft 365.
Modern IT Management faces a number of challenges due to a rapidly changing landscape and IT is no longer just a cost center but is expected to add real, tangible business value to the company. IT mangers should be focusing on how to help the business benefit from technology advancements, rather than spending large amounts of time on rather basic needs such as providing users with a secure desktop and standard office automation facilities. Both business and end users have further come to expect a quick, friendly and out of the box experience, leveraging self-service capabilities and allowing them to work anywhere and on any device. Business however has also come to expect an ever decreasing TCO and the agility to light up new cloud services quickly, as and when business needs arise. For many IT managers this has become a complex juggling act or even a complete nightmare.
In PART 1 of our series on Securing the Modern Workplace using Microsoft 365 we discussed the background and high level solutions, and defined 5 specific solution areas, namely TRUSTED USER, TRUSTED DEVICE, TRUSTED APP, TRUSTED PLATFORM and TRUSTED DATA.
Today we will dive into a bit more detail on how you can ensure you have TRUSTED USERS when making use of Microsoft 365.
You may have heard the often-used slogan “Identity is the new Firewall” or “Identity as Control Plane” and this is very true. Securing the datacenter and device is no longer enough, as the systems that process your data and where you store your data are no longer in your datacenter but out there on the internet. The best place to start securing your data in the Modern Workplace is right at the from door, by securing the user’s IDENTITY. Some claim that as much as 97% of all security breaches in the last year started with a breached identity. Regardless of whether this figure is accurate or not, if you can assume somebody’s identity you often have unhindered access all devices, apps, platforms and data the user has access to. The weakest link in your security chain is HUMANS. We are animals of habit, we are often lazy, we are incredibly creative in circumventing all kinds of complex security road blocks and most importantly we are very susceptible to social engineering attacks such as Phishing. The most important step you can take to improve your security posture today is to protect your users’ identities.