Security Now: Using Azure MFA Server to Protect Existing Resources
Lately it has been hard not to notice news about accounts being hacked. The list of major companies that have been hacked has grown extremely long. When an average person hears about hacking, images of people hiding in the shadows with laptops, rapidly typing lines of code and fighting firewalls, come to mind. As security professionals all know, most hacking attempts start not with a full-on assault, but with a simple email. That carefully designed email imitates some service a user might use and asks for something as simple as verifying an account. Once the user has fallen prey to that, it is all over. The user’s account is compromised. That first step establishes a foothold for hackers to make their way into an organization.
So how can you protect against this? Security training is a good place to start, but it can only be taken so far. By now you have probably heard the term multifactor authentication, and if you are using Azure AD and Office 365, you may have even turned it on for the cloud. For those who don’t know, multifactor authentication protects user accounts by requiring an additional form of identification before the user is granted access. The user is prompted not only for their password, but also for a security token that is provided to them through a text message, phone call, or mobile app. This ensures that even if a hacker obtains the password, they will not be able to log in without the token.
With the flip of a switch, Office 365 can enable multifactor authentication for the cloud. That’s great if you don’t have any on-premises applications, but what about your VPN, your existing web applications, or your RDP gateway? Azure Multifactor Authentication Server has the answer.
Azure MFA Server is an on-premises application that can be installed to bring the power of Azure AD to your data center. Users are added directly from Active Directory using a simple search query that can be set to automatically add new users. Users then receive an email with details on how to register for MFA, and can set up exactly how they want to receive the token. They can choose between text messages, phone calls, or even mobile app authentication using the Microsoft Authenticator app. All of these choices can be tailored by the administrator to meet the needs of your organization. For example, given the recent news that NIST no longer considers SMS authentication a secure form of identification, you can easily block your users from selecting that mode. The MFA Server gives you access to customization options that allow you to form the perfect policy for your users.
Multifactor Protection can be added to multiple sources.
When an application is set to use RADIUS authentication through the MFA Server, any requests for authentication will be sent through the MFA Server. The user will be required to provide a second form of authentication before the login attempt can be processed.
IIS Web Applications
IIS servers can be added to MFA Server so that any existing websites running on that server will automatically have the security of multifactor authentication.
If you are currently using ADFS to authenticate users to applications other than Office 365, you can easily add multifactor authentication via a plugin to ADFS. You can then add protection to any application you want through the ADFS admin console. Users can do first-time registration through ADFS rather than having to use the MFA portal.
Any application that uses LDAP to authenticate can be pointed directly at the Azure MFA server to take advantage of all of the features.
Let us help you realize your cybersecurity vision
Whether your organization chooses to use Office 365 multifactor authentication to protect your cloud identities, or the powerful Azure Multifactor Authentication Server to protect your data center, any chance you have to make your business less appealing to cyber criminals is worth taking. Arraya Solutions’ award-winning Microsoft Practice is ready to help your business get started. Our team will work with you to analyze your environment, create a plan, and deploy the solution you need to achieve your cybersecurity goals.