Living in the New Age of Heightened Security: Taking the Next Step to Secure your Office 365 systems

Recent Russian attacks in the U.S. have brought into clear light the necessity to implement Multi-factor Authentication (or “2fa”) and End-point Protection for Cloud-based systems. While these are currently security options, it is becoming increasingly apparent that they should be “must-haves” in this new age of heightened security. Given the continually escalating “hacking” attempts, we expect that Microsoft will soon make this option the default for all Office 365 users to secure your Office 365 systems.

While it is already mandatory for Microsoft Partners to implement, we would not be surprised if the option to disable it were removed entirely as a means of enforcing this necessary security step across the user base. With that in mind, it is best to implement it now while you have some control over it.

Turning on Multi-factor Authentication:

Multi-factor Authentication is already available in Office 365 as an option that can be turned on or off on a per-user basis. You must log in to Office 365 as an Admin and go to the “Users” section… then click on “Multi-factor authentication”…

… Select the user(s) and choose “Enable” to turn on Multi-factor authentication:

At this point, Mfa\2fa is enabled for that user and when they next try to logon to O365 they will be prompted with a wizard that steps them through the process of configuring their Mfa\2fa settings.

To proceed, they will require their phone as well as access to a browser. The process involves scanning a QR code with their phone and essentially “links” the Mfa\2fa to that phone – using either the Microsoft Authenticator App (which they must download) or via a Text message. Their settings for Mfa\2fa can be found at the “Additional Security Verification” link, from which they can specify alternate phone numbers to connect Mfa\2fa and\or add\remove devices to connect to the Microsoft Authenticator App: https://account.activedirectory.windowsazure.com/Proofup.aspx

Once Mfa\2fa has been “enabled” for a user, you will see a new option in the Multi-factor Authentication screen for that user, which is to “enforce” it:

“Enforcing” Mfa\2fa is slightly different than “Enabling” it in that once Mfa\2fa “enforced” for that user, they will need to create an “app password” to use in Non-browser programs (e.g. on-premise programs that connect to your Office 365 system) such as Outlook.  App Passwords can be added\deleted from this link:  https://account.activedirectory.windowsazure.com/AppPasswords.aspx

Note that there are also third-party Multi-factor Authentication apps (such as “Duo” or “GoogleAuthenticator”) which you can use with your On-premise products if you do not wish to use the built-in Office 365 Mfa\2fa.

If you have challenges with enabling Multi-factor Authentication on your Office 365 systems, please reach out to us at treid@voxism.com and we can assist you with getting this setup.

About End-Point Protection

“End-point protection” refers to software security tools that will help protect your PC\laptops\devices from phishing and hacking attempts. BitDefender is one of the leading software packages for end-point protection.

End-point protection is important to implement as most breaches (especially ransomware attacks) occur because a user clicks on a link from their PC\laptop and that loads viruses\keystroke recorders or other related phishing code. End-point protection tools help to prevent these “codes” from running.

There are a wide variety of End-Point protection software packages available but the “top 5” recommended are:

• Bitdefender Gravityzone advanced business security
• Avast Business Antivirus Pro Plus
• ESET Endpoint Protection Advanced Cloud
• Trend Micro Worry-Free Business Security Services Advanced
• Panda Security Adaptive Defense 360

Secure your Office 365 systems with VOX ISM

VOX ISM provides an Office 365 “Enhanced Security and End-point Protection” package which includes BitDefender as part of its solution as well as including an intuitive interface for managing settings and configurations for On-line systems along with pre-configured “template” profile settings that allow for prevention and early warning of possible insecure settings within On-line systems

We also offer a “Secure Backup Protection” package with provides you with fully configurable Off-site backups of your on-premise (local) files as well as Office 365 mailboxes, OneDrive and SharePoint files. ().

Why would you need Off-site backup protection if your Dynamics 365 Business Central and Customer Engagement\CRM databases are already automatically backed up by Microsoft? … well, those backups do NOT include Office 365 email, SharePoint sites or OneDrive files. They only include the actual BC\CRM Databases.

Some key points about the “Vox Secure Backup Protection”:

• 35% of on-premise backups fail (you cannot restore from them). Either due to old media being used, or a bad sector on a drive or simply not maintained\tested.

• Ransom-ware attacks files through the network so, local backups often run the risk of being affected by ransomware as well … putting your data at great risk.

• The Secure Backup protection offers secure Off-site backups to ensure the safety of backups and recoverability.

• Applies to Databases and key files\folders for On-premise systems and backups of Office 365 Email, Sharepoint and OneDrive files for Online systems.

• Flexible pricing based on usage is available (based on 50GB\mnth packets)

Whether you go through VOX ISM or any other vendor, please ensure that you implement Multi-factor Authentication and End-point protection soon to secure your Office 365 systems. You should also ensure you have adequate redundant backup strategies and a Disaster Recovery Plan.

Please feel free to reach out to your VOX ISM associate if you want further information or assistance.

Blog post by Trevor Reid, Senior Technology Consultant, VOX ISM
Email: treid@voxism.com Phone: 416-571-1263