The Fine Art of Protecting Microsoft Office 365 Apps With Multifactor Authentication

July 16, 2019
| |
3 min read

The initials MFA, as every computer security professional knows, stand for multifactor authentication. The same initials also stand for Master of Fine Arts, and maybe that’s no accident. Protecting your organization’s internal systems and data against intrusion is indeed a fine art. It requires balancing the security needs of the organization against the needs of employees for convenient access to the applications and information they need every day to get their work done.

Set the barriers too low, and the bad guys will find a way in. Make the access process too burdensome, and users get frustrated while productivity suffers. Users have even been known — with no ill intent — to set up shadow IT systems just so they can do their work without having to keep track of passwords. How can organizations strike the right balance between a pleasant user experience and risk-based multifactor authentication?

Improve Microsoft Office 365 Security With MFA

Microsoft Office 365 is one of the most popular application suites in the world. Many thousands of large organizations provide Office 365 apps for new employees and for existing employees to use on new devices. It offers the benefit of keeping applications such as Word, PowerPoint and Excel consistently current with the latest fixes and features all downloaded from the cloud. But with the convenience of the cloud comes the risk of intrusion every time those apps or updates are downloaded. That’s where MFA comes in to help protect businesses against Office 365 security threats.

Before we go any further, what is multifactor authentication? MFA is any process that requires an end user to submit two or more pieces of identification to gain access to a system. The most common example is the familiar two-part username-and-password authentication. While effective in most situations, the username-and-password combination is a frequent target of threat actors. And, because so many of us use the same password for multiple accounts, one breach can threaten a range of systems. Plus, we all have trouble remembering and resetting passwords repeatedly to meet ever-stricter requirements for complexity and length.

Multifactor Authentication for the Modern Era

Fortunately, today there are cutting-edge solutions to provide multifactor authentication that is both secure and easy to use. MFA mechanisms such as email or text, one-time-passwords, and mobile push with biometric requirements can confirm the identity of users on an app-by-app basis. Once identity is established for a specific device, users can gain access with single sign-on (SSO) capabilities. In addition to protecting your cloud-based applications, the same MFA solutions can safeguard your on-premises enterprise systems as well, such as Linux, AIX, z Mainframe and Windows remote desktop.

Features such as an administrator’s dashboard can integrate data from various sources and present a unified display of relevant, in-context information. This allows administrators to view usage statistics at a glance by geography, time period and other variables. Sign-on activity can be monitored across the organization to track successful and failed logins and to spot any unusual activity.

Some solutions also offer reporting capabilities that let administrators assemble authentication reports to look for trends and anomalies. Reports can show which applications — and thus licenses — are used most frequently and which users are most active.

In addition, since not all applications require the same level of security, administrators can also customize settings for when and how users need to authenticate for different applications. An app that offers access to confidential information, for example, will require stronger authentication protocols than access to an event calendar.

Ideally, end users should be able to browse available apps and request access to Office 365 or other applications from a simple access request interface. Such systems provide faster access for users and place less of a burden on administrators.

Perimeter Protections Can’t Keep Up With BYOD

Security professionals know all too well that threat actors are relentless in their efforts to break into computer systems. The risk environment is always changing. In today’s world, where mobile devices and bring-your-own-device (BYOD) policies are proliferating, a firewall around the perimeter is no longer adequate. And while cloud-based applications offer many benefits, they also raise the stakes for the security team.

Your security measures need to keep pace with the threats and the evolving needs of your users. The right solution can enable administrators to deploy apps quickly while ensuring compliance with company access policies and simplifying the access process for end users. It can also enhance mobile device enrollment and compliance — something that is truly needed in a cloud-driven company.

Learn More in the Webinar: Protecting Office365 with IBM Cloud Identity and MaaS360
Adam Case
Technical Offering Manager - Cloud Identity, IBM Security

Adam is an Enterprise Security Professional with experience implementing end user security software for Fortune 1000 customers in the Identity and Access and...
read more