Arraya Insights | September 3, 2019
Raise your hand if you’ve heard someone describe Microsoft as a “security company” at some point in the last few years. We can’t say for sure – maybe because your Microsoft desktop is so secure – but we’re guessing there are plenty of hands in the air. We get it. Given cyber security’s status as a tiptop of mind issue, it’s easy to dismiss that kind of positioning as mere marketing hype. So, we sat down with our Cloud and Workspace team to look at some of the more recent examples of what Microsoft is doing to earn that reputation.
Are the days really, finally numbered for passwords?
Saying that the end is nigh for passwords is almost as big of a cliché as calling Microsoft a security company. So, we won’t say with certainty that passwords are on their way out. What we will say is that Microsoft has introduced innovations recently that will allow passwords to transition into more of a support role.
For instance, earlier this summer, Microsoft finally deleted the concept of regular, mandatory password resets from its list of suggested security baselines. Forcing users to change their passwords after a set amount of time has long been pitched as a way to boost security, even though the habits it inspires do just the opposite. Typically, instead of thinking up exceedingly complex new passwords every 90 days, users pick an easy-to-remember theme and beat it into the ground. Or, they reuse passwords from other accounts. Either option is a clear cyber security worst practice.
Microsoft has also promoted the cause of single sign-on by enabling application access across its Azure and Office environments (and beyond) with a single password. In this case, beyond means extending this capability to many popular SaaS apps under the direction of Azure Active Directory. Included on this list are leading third party tools such as Workday, Box, and Concur. This flexibility even extends into the Oracle Cloud thanks to the brand new partnership between the two companies. Now, organizations can run an app in either cloud or across clouds if needed. Keep in mind that the app in question can be accessed using a single set of credentials.
Finally on the password front, in the latest version of Windows, Microsoft has given users the ability to forgo them entirely. Users can now take advantage of alternatives like the Microsoft Authenticator app, phone numbers, and the recently FIDO2-certified Windows Hello (and any number of biometric options all integrated in Windows Hello). These features can preserve security while enabling a level of user-friendly ease of access.
Microsoft security updates beyond passwords
Passwords have been a big deal for Microsoft as of late, but they haven’t been its only focus. Here are just a few of the other projects Microsoft has undertaken in the hopes of furthering its reputation as a security company:
- Microsoft Secure Score: Security can sometimes be a tough thing to measure. Secure Score assigns organizations a number grade so they can better grasp where they stand with security – and how their efforts stack up. Security-friendly activities such as enabling multi-factor authentication or viewing reports earn organizations points, upping their score. There’s not much value in a grade without context, so admins are able to compare scores against other companies and track their own score over time.
- DMARC Monitoring: Domain-Based Message Authentication, Reporting and Conformance (DMARC) is a mouth-full, but it can also help combat two of today’s toughest cyber security challenges: shadow IT and phishing scams. DMARC enforcement involves leveraging quarantine and reject policies to gain greater control over its email domain. This solution is now a free part of the Office 365 environment, however, rolling it out can require a hand from an outside partner.
- Microsoft Defender Advanced Threat Protection (ATP): Threats pounce at lightning speed and organizations must be able to respond in kind. Microsoft Defender ATP allows for real-time threat response. When Microsoft Defender ATP encounters an unknown file, it forwards its metadata (or the file itself) into the cloud for analysis. Microsoft Defender ATP pulls together a variety of protection engines, including meta-based, behavior-based, reputation-based, and more, to detect and stop threats that seemingly grow more complex by the day.
Next Steps: Put Microsoft’s security advances to work for you
Want to learn more about how you can leverage these advances and more to keep your organization’s data safe? Connect with our Cloud and Workspace team by visiting https://www.arrayasolutions.com/contact-us/.
Did we get something wrong? How about something right? Let us know! Leave us a comment on this or any of our blog posts through our social media accounts. Arraya can be found on LinkedIn, Twitter, and Facebook. While you’re there, follow us to stay up to date on our industry insights and unique IT learning opportunities.