Security Enhancements in Microsoft 365

Say hello to next-level security with the latest Microsoft 365 authentication enhancements

Microsoft 365 has had several new security features introduced to help protect users and organisations from increasingly sophisticated cyber threats.

In the past year, Microsoft has made significant security improvements to its Microsoft 365 suite of products, including the introduction of Self-Service Password Reset capabilities, Multi-Factor Authentication (MFA), Security Assertion Markup Language (SAML) support and Conditional Access.

These enhancements have not only strengthened the security of the platform but have also improved the user experience by providing more seamless and convenient access.

Self-Service Password Reset (SSPR)

Self-Service Password Reset (SSPR) capabilities have been added to Microsoft 365 to enable users to reset their own passwords without the need for IT intervention. SSPR allows users to verify their identity through various methods such as email, text message, or phone call, making it easier and more secure for users to regain access to their accounts.

Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) has also been integrated into Microsoft 365 to provide an extra layer of security for user accounts. MFA requires users to provide two or more forms of identification before accessing their accounts, such as a password and a code sent to their mobile device. This significantly reduces the risk of unauthorised access, especially in the case of stolen passwords.

Security Assertion Markup Language (SAML)

In addition, Microsoft 365 now supports Security Assertion Markup Language (SAML), a standard protocol for exchanging authentication and authorisation data between parties. This allows for seamless integration with third-party applications, making it easier for users to access and use these applications while maintaining the same level of security as their Microsoft 365 accounts.

Conditional Access

Conditional Access is another security feature that has been introduced to Microsoft 365. It allows IT administrators to define policies that control access to specific resources based on various conditions such as user location, device type, and risk level. This ensures that only authorised users with compliant devices can access sensitive data and applications.

Security Key Authentication

The Security key authentication method uses a physical key that must be inserted into the device to authenticate the user. This helps to prevent phishing attacks and other forms of cyber threats that rely on stolen credentials.

Overall, these security improvements have significantly improved the user experience and security of Microsoft 365. Users can now easily reset their passwords, access third-party applications securely, and enjoy a more seamless login experience, while IT administrators have more control over who can access sensitive data and applications. As a result, Microsoft 365 is now a more secure and convenient platform for both users and IT teams.

In addition to the authentication enhancements that Microsoft have released, there are also several other security features in Microsoft 365, that have been released to help safeguard your organisation and protect your data against cyber threats:

• Microsoft Defender for Endpoint: This is a built-in endpoint protection solution that helps protect devices running Windows 10 and 11, macOS, iOS, and Android from cyber threats. It provides real-time protection against malware, viruses, and other malicious software, as well as advanced threat detection and response capabilities.
• Microsoft Defender for Office 365: This is a comprehensive threat protection solution that helps protect email, files, and other Office 365 services from advanced cyber threats. It uses machine learning and artificial intelligence to detect and respond to sophisticated attacks, such as phishing, malware, and ransomware.
• Application Guard for Office: This feature helps protect against malicious documents by opening them in a virtualised environment that prevents access to sensitive files and data on the device. This helps to prevent the spread of malware and other threats.
• Safe Documents: This feature helps to protect against file-based attacks by checking documents against a threat intelligence database before they are opened. If a document is found to be malicious, it will be blocked and reported to the IT team for further investigation.
• Insider Risk Management: This feature helps organisations identify and prevent internal threats by monitoring user activity and behaviour. It uses machine learning to detect anomalous behaviour and potential insider threats, such as data theft or unauthorised access to sensitive information.
• Microsoft Information Protection: This feature helps organisations classify, label, and protect sensitive data in real time, regardless of where it is stored or shared. It uses machine learning and sensitivity labelling to protect data and help ensure compliance with regulatory requirements.
• Azure AD Identity Protection: This feature helps organisations protect against identity-based attacks by identifying and responding to suspicious activities related to user identities. It uses machine learning and security signals to detect and remediate identity threats before they can cause harm.

Combining AIP, DLP and Defender for Cloud Apps

Azure Information Protection (AIP) and Data Loss Protection (DLP) policies are essential tools for organisations to protect sensitive data from unauthorised access or disclosure. AIP is a cloud-based solution that helps to classify, label, and protect sensitive data using encryption, access controls, and rights management. DLP, on the other hand, is a policy-based approach that helps to prevent the unintentional or malicious disclosure of sensitive data. Combining AIP, DLP along with Defender for Cloud Apps can help detect any attempts on the secured data.

Azure Information Protection

• Azure Information Protection (AIP) helps organisations to protect sensitive data by classifying, labelling, encrypting data and controlling access to it. With AIP, organisations can define policies that control how information is handled and shared, ensuring that sensitive information is always protected. AIP enables users to add labels to documents and emails to identify sensitive data and set up policies to control access to it. It uses encryption and rights management to protect sensitive data, the data is encrypted at rest and in transit, it can also apply dynamic rights management to control access to the data based on the user’s role and permissions.

Data Loss Protection (DLP)

• Data Loss Protection (DLP) is a policy-based approach to prevent the unauthorised disclosure of sensitive data. DLP policies can be set up to scan documents and emails for sensitive data and prevent them from being sent to unauthorised recipients. DLP policies can be customised to meet specific organisational needs. They can be set up to prevent sensitive data from being sent via email, chat, or other messaging services. They can also be set up to block access to sensitive data from unauthorised devices or locations which can be used to prevent accidental data loss, such as sending an email with sensitive information to the wrong recipient, prevent intentional data theft, such as copying sensitive data to a personal device or sending it to a competitor.

Defender for Cloud Apps

• Microsoft Defender for Cloud Apps provides visibility and control over cloud applications and services. It allows organisations to discover, monitor, and secure their cloud apps and data, by identifying and managing cloud risks, applying policies, and detecting and responding to threats. Defender for Cloud Apps can detect and alert on data exfiltration attempts, such as a user attempting to download a sensitive file from a cloud application.

AIP, DLP and Defender for Cloud Apps Working Together

AIP and DLP policies work together by scanning content for specific data types and applying policy rules to prevent data from being shared or accessed inappropriately. For example, a DLP policy can be created to block the sharing of credit card numbers outside of the organisation or to encrypt all emails containing National Insurance Numbers or Passport numbers.

When AIP, DLP, and Defender for Cloud Apps are used together, they can help organisations to:

• Automatically classify and label sensitive data in cloud applications
• Protect sensitive data with encryption and access controls.
• Detect and prevent the unauthorised sharing of sensitive data in cloud applications.
• Detect and alert on data exfiltration attempts in cloud applications.

By working together, AIP, DLP, and Defender for Cloud Apps can provide a comprehensive approach to protecting sensitive data in cloud applications and help organisations to comply with data protection regulations and requirements.

These are just a few of the newest security features available from Microsoft to help organisations protect against cyber threats and ensure the security of their data and users. If you would like to learn more about Microsoft Authentication tools and how to protect your data from unauthorised access, please get in touch with us today on 01932 232345