Bill Gates, Office applications, technology, these are what most consumers associate Microsoft with. However, as cloud migrations and cyberattacks increase simultaneously, the tech giant has been forced to change its focus from productivity in the office to security and protection of their customer’s office tools.
Before you jump to the tips that our Boston-based Microsoft Security Consultant has for businesses operating in Azure, bear in mind what Frank Abagnale, the security consultant for the FBI, once said, “..every breach occurs because somebody in that company did something they weren’t supposed to do, or someone failed to do something they were supposed to do.”
Here are the three specific security aspects we recommend you do:
Deploy Microsoft Defender Advanced Threat Protection (Defender ATP)
Integrated into the Azure Security Center, Defender ATP is a unified endpoint security platform for preventative protection, post-breach detection, automated investigation, and response.
Some of the most impressive features of Microsoft Defender ATP include threat and vulnerability management, attack surface reduction with application controls and machine isolation from the network. Isolating machines from the network can help prevent the attacker from controlling the compromised machine and performing further activities such as data exfiltration and lateral movement.
Enable Microsoft Multi-factor Authentication and Identity Management Tools
Multi-Factor Authentication (MFA) is a layer of security that requires more than one method of authentication from independent types of credentials, to verify a user’s identity. The goal is to make it more difficult for an unauthorized person to access network resources; if one factor is compromised, the attacker still has at least one more barrier before successfully breaking into the target.
Azure provides MFA tools that you can enable for application security. You can follow these steps to configure it, or reach out to our Microsoft Security Consulting team to help you set up and customize the tools.
Configure Mobility Device Management
Regardless of whether your company has a Bring Your Own Device (BYOD) policy, your employees are likely accessing company data with their phones and tablets. Say that phone gets lost or stolen – then what? They might be using their company laptops to receive and send email from personal accounts, browse websites from home and from public places, how are you protecting these devices from malware?
Mobile Device Management (MDM) is another feature with multiple options, depending on what level of control you need. For instance, the built-in MDM for Office 365 is a great security feature for companies where employees will only be accessing email via their company-issued mobile devices.
If you need more control, or if your employees will be accessing more than just email, or using their own devices, you can use Microsoft Intune to give you much more control over how corporate data is used on mobile devices.
In our experience these three tips will help you enhance Microsoft Cloud Security Features. Let us know if you have additional questions, our team of experienced Microsoft Cloud Consultants is here to help!