February 26, 2023
How to secure Microsoft 365 in 2023
By a wide margin, Microsoft 365 is the world’s most popular productivity software with more than 180 million users worldwide. Updating familiar applications such as Excel, Word and PowerPoint for the cloud computing era has enabled Microsoft to once again transform the way small and midsize businesses work and collaborate.
However, as with any complex technology platform, implementing Microsoft 365 in your network can also present cybersecurity challenges. Based on recent announcements from Microsoft, we see a few key steps and strategies that all companies should adopt to keep their corporate data secure in 2023, beyond what was required in 2022.
BYOD device security shifts to conditional access
Many smaller companies allow employees to use their personal devices for work functions. Sometimes they do this because it is more convenient for staff to simply use the devices they are familiar with, while other times cost savings on the business side drive this decision.
These “bring your own device” (BYOD) arrangements also have some serious drawbacks, especially with regard to how companies manage their Microsoft 365 data.
At worst, a company has no visibility or control over the devices that are allowed to connect to corporate resources, meaning corporate data may sit unsecured on an employee’s personal device, where it is highly vulnerable to hacking and exfiltration.
More often, a company will have implemented a basic mobile device management (MDM) solution to keep devices up to date and build a rudimentary barrier between company and personal data.
Enhance data security with conditional access
While mobile device management can help secure employee-owned phones and tablets, it is an intrusive option that requires a company to install software on the personal devices of each of its employees.
Microsoft 365 has a feature that allows businesses to keep information on BYOD devices secure without having to implement an MDM solution. It is called “conditional access,” and it is one of the least appreciated features in the software suite.
Conditional access is a set of controls within Microsoft Azure Active Directory that protects sensitive content by requiring users to meet a set of criteria before accessing it. The flexible conditional access system allows you to create and automate detailed security rules that apply to users, devices and their locations without the need for a third-party solution.
Here are some ways you can use conditional access to secure your mobile data:
- Integrate authentication factors such as passwords, facial recognition and voice recognition into your overall security plan.
- Enforce security standards to deny unauthenticated users access to your sensitive information.
- Automate monitoring and security rule adjustments after the system detects an anomaly, such as an unrecognized location.
- Protect your network against stolen credentials such as usernames and passwords.
- Reduce risk and improve compliance by empowering your staff to control applications while reducing the need for third-party solutions.
If you want to implement conditional access, you should start by auditing your technology to find valuable data assets in your organization’s systems. Next, clarify which controls are appropriate for each of the systems on your network and document those controls so they can be modified as your systems evolve.
Prepare your company for “modern authentication”
One crucial change Microsoft 365 users will face in 2023 is the removal of basic authentication for commonly used services, such as POP, IMAP and PowerShell. In the future, all systems will have to move to what Microsoft calls “modern authentication,” which verifies each user’s identity under stricter rules than in the past.
The reason is that older basic authentication sends a user’s name and password unencrypted, in plain text, with every access request, exposing this important information to interception and theft.
With the number of password-based attacks rising to one every 921 seconds, basic authentication alone is no longer enough for today’s digital business. Experienced hackers can even bypass multi-factor authentication (MFA) systems, undermining one of the most important security controls in the SMB cybersecurity toolkit.
Microsoft announced that basic authentication would be removed for all protocols as of January 2023, meaning all companies must have a plan to deal with this new reality.
Approaching modern authentication proactively
To ensure your network remains stable during the upgrade, you can use the Microsoft 365 sign-in logs to determine which services and users are still using these outdated methods and migrate them to supported methods.
We recommend that companies work with their IT support company to determine which APIs depend on M365 and how best to upgrade these services to modern authentication.
You should also have your IT team contact your technology vendors and determine which of their services or APIs support modern authentication and which do not. Once this thorough audit of your applications and services is complete, you can proactively upgrade or replace those that do not meet the new modern authentication standards.
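The sign-in log review described above can be scripted once the logs are exported as JSON. The following is an added example, not code from the original article or from Microsoft: the field names follow the Microsoft Graph signIn resource, the sample records are constructed, and treating every client other than the two modern values as legacy is an assumption.

```python
import json
from collections import defaultdict

# Assumption: these two clientAppUsed values mean modern authentication;
# every other value is treated as a legacy (basic authentication) protocol.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}

def _rec(ts, upn, client, code):
    return {"createdDateTime": ts, "userPrincipalName": upn,
            "clientAppUsed": client, "status": {"errorCode": code}}

# Constructed sample, shaped like a JSON export of the sign-in log.
SAMPLE_EXPORT = json.dumps([
    _rec("2023-01-10T08:01:12Z", "scanner@example.com", "Authenticated SMTP", 0),
    _rec("2023-01-11T08:00:59Z", "scanner@example.com", "Authenticated SMTP", 0),
    _rec("2023-01-10T09:15:00Z", "J.Doe@example.com", "Exchange ActiveSync", 0),
    _rec("2023-01-10T09:20:00Z", "j.doe@example.com", "Mobile Apps and Desktop clients", 0),
    _rec("2023-01-10T03:22:41Z", "ceo@example.com", "IMAP4", 50126),
    _rec("2023-01-10T03:22:45Z", "ceo@example.com", "IMAP4", 50126),
    _rec("2023-01-10T10:00:00Z", "ceo@example.com", "Browser", 0),
])

def legacy_auth_report(export_json):
    """Count legacy-protocol sign-ins per (user, protocol)."""
    report = defaultdict(lambda: {"ok": 0, "failed": 0, "last_seen": ""})
    for rec in json.loads(export_json):
        client = (rec.get("clientAppUsed") or "").strip()
        if not client or client.lower() in MODERN_CLIENTS:
            continue  # modern authentication, or no client recorded
        upn = (rec.get("userPrincipalName") or "unknown").lower()
        entry = report[(upn, client)]
        ok = (rec.get("status") or {}).get("errorCode") == 0
        entry["ok" if ok else "failed"] += 1
        # Same-format ISO 8601 UTC timestamps sort correctly as strings.
        entry["last_seen"] = max(entry["last_seen"], rec.get("createdDateTime") or "")
    return dict(report)

def split_worklist(report):
    """Return (migrate, failed_only) lists of (user, protocol) pairs."""
    # A successful legacy sign-in is a client that will stop working; pairs
    # with only failures are more likely password guessing than a dependency.
    migrate = sorted(k for k, v in report.items() if v["ok"] > 0)
    failed_only = sorted(k for k, v in report.items() if v["ok"] == 0)
    return migrate, failed_only

if __name__ == "__main__":
    migrate, failed_only = split_worklist(legacy_auth_report(SAMPLE_EXPORT))
    print("migrate:", migrate)
    print("failures only:", failed_only)
```

The "migrate" list is the set of accounts and protocols to move to modern authentication before basic authentication is switched off; the "failures only" list is worth reviewing separately rather than adding to the migration plan.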
Prepare for the possibility of network instability
Companies should be aware that migrating from basic authentication can have a negative impact on their networks. For example, companies that use Exchange ActiveSync (EAS) to connect their corporate e-mail to cell phones are likely to experience problems with modern authentication. Similarly, the scan-to-email features that printers have may also be affected.
Managing Microsoft 365 at ALTA-ICT
If you want the perfect Microsoft 365 environment, it is important that it is configured correctly. Because the Office environment is constantly changing, management is quite complex. Contact us for a free introductory meeting.