CT is urging customers to adopt the Office 365 Multi-Factor Authentication (MFA) tool

Blog post

The CT Service Desk dealt with two Office 365 account breaches last week. In both cases the breached account was used to send OneDrive and SharePoint sharing invitations to the user’s contacts, and an inbox rule was then created to prevent the user from receiving e-mail.

Both breaches were carried out by attackers using automated ‘bots’ to guess credentials: the logs on the Office 365 tenancy showed high levels of failed login attempts prior to the successful breach.
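The two indicators described above (a burst of failed sign-ins followed by a success, then an inbox rule that hides incoming mail) are simple to check for in a tenancy's logs. The script below is an added example, not code from the original CT post; the sign-in records and inbox-rule records are constructed sample data with field names chosen for this example, not a real Office 365 export format, so the `time`, `user`, `ip`, `result`, `delete_message` and `move_to_folder` keys are assumptions you would map onto your own sign-in log and inbox-rule export.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (example data, not a real tenancy export).
# alice: five failures from one IP, then a success 25 seconds later.
# bob:   a single typo'd password, then a success (normal behaviour).
SIGNINS = [
    {"time": "2019-03-04T02:00:00", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"},
    {"time": "2019-03-04T02:00:05", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"},
    {"time": "2019-03-04T02:00:10", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"},
    {"time": "2019-03-04T02:00:15", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"},
    {"time": "2019-03-04T02:00:20", "user": "alice@example.com", "ip": "203.0.113.7", "result": "failure"},
    {"time": "2019-03-04T02:00:25", "user": "alice@example.com", "ip": "203.0.113.7", "result": "success"},
    {"time": "2019-03-04T08:30:00", "user": "bob@example.com", "ip": "198.51.100.4", "result": "failure"},
    {"time": "2019-03-04T08:30:40", "user": "bob@example.com", "ip": "198.51.100.4", "result": "success"},
]

# Constructed sample inbox rules (example data). Field names are assumptions.
INBOX_RULES = [
    {"user": "alice@example.com", "name": "Rule1", "delete_message": True, "move_to_folder": None},
    {"user": "bob@example.com", "name": "Newsletters", "delete_message": False, "move_to_folder": "Newsletters"},
    {"user": "alice@example.com", "name": "Filter", "delete_message": False, "move_to_folder": "RSS Feeds"},
]

# Folders that users rarely read, so mail moved there is effectively hidden.
HIDING_FOLDERS = {"rss feeds", "deleted items", "junk email", "archive", "conversation history"}


def _parse(ts):
    """Timestamps in the sample data are ISO 8601 (assumed UTC)."""
    return datetime.fromisoformat(ts)


def burst_then_success(signins, min_failures=5, window=timedelta(minutes=30)):
    """Flag each successful sign-in preceded by at least `min_failures` failed
    attempts for the same user from the same IP within `window`.

    Returns a list of dicts: user, ip, number of recent failures, success time.
    """
    by_key = defaultdict(list)
    for rec in sorted(signins, key=lambda r: r["time"]):
        by_key[(rec["user"], rec["ip"])].append(rec)

    hits = []
    for (user, ip), records in by_key.items():
        failures = []  # timestamps of failures since the last success
        for rec in records:
            t = _parse(rec["time"])
            if rec["result"] == "failure":
                failures.append(t)
                continue
            recent = [f for f in failures if t - f <= window]
            if len(recent) >= min_failures:
                hits.append({"user": user, "ip": ip, "failures": len(recent),
                             "success_time": rec["time"]})
            failures = []  # a success closes the current burst
    return hits


def suspicious_inbox_rules(rules):
    """Flag rules that delete incoming mail or move it to a hiding folder."""
    hits = []
    for rule in rules:
        folder = (rule.get("move_to_folder") or "").lower()
        if rule.get("delete_message") or folder in HIDING_FOLDERS:
            hits.append(rule)
    return hits


if __name__ == "__main__":
    for hit in burst_then_success(SIGNINS):
        print("credential-guessing burst then success:", hit)
    for rule in suspicious_inbox_rules(INBOX_RULES):
        print("mail-hiding inbox rule:", rule["user"], rule["name"])
```

Run against real data, the first function would take the tenancy's sign-in log and the second an export of every mailbox's inbox rules; both thresholds (five failures in thirty minutes) are starting points to tune against your own baseline, and any hit for an account should prompt a password reset, removal of the rule and a review of what the account shared.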

We expect this behaviour to continue and we urge all Office 365 customers to use the Office 365 Multi-Factor Authentication tool to prevent unauthorised logins where credentials have been compromised. MFA requires an additional factor beyond the password before access to these resources is granted.

Immediate Next Steps

  • Ensure a password policy is in place and enforced.
  • Ensure all remote entry points to your network are protected by MFA. Note that Office 365 counts as an entry point and should be subject to the same security policies as entry points to a traditional on-premises network.
  • Use a tool such as Webroot Security Awareness training to ensure that users are aware of how to identify phishing messages and how to work in a secure manner.
  • Link your Office 365 and on-premises user accounts to ensure a consistent password policy and single sign on between the environments.
  • Ensure all cloud-based services are backed up.

What you need to know

How much does MFA cost?
Microsoft provide MFA free of charge for all users; the key question is how it is implemented, because requiring every user to complete MFA on every login attempt would become onerous. Azure AD Premium editions include a tool called Conditional Based Access, which allows other signals such as a trusted device to be used as the additional factor, removing the impact on day-to-day usage.

I already have 2FA; can this be used to protect Office 365?
No. However, Azure AD Premium can be used to extend the Office 365 MFA tool to the on-premises resources protected by the existing 2FA solution.

I thought Microsoft would keep the Office 365 system secure, so why do I need to do this?
The Office 365 platform itself is kept secure; however, how users are allowed to access it (including whether MFA is required) is controlled by settings in your own Office 365 tenancy.

I thought Microsoft would back up the Office 365 platform, so why do I need to back it up again?
Microsoft don’t back it up. The Office 365 platform is designed to be exceptionally resilient, but resiliency doesn’t protect against data being deleted or encrypted by a hacker.


To discuss this further or if you require support to get set up, please speak to your account manager today.