Microsoft Office 365 MFA Mandate
By Monty Sagal – Director of Channel Enablement & Compliance
Office 365 comes with top-of-the-line security built into its entire suite. However, it cannot protect you from SaaS data loss that originates on your end, which includes some of the most common causes of data loss: human error, malicious intent, sync errors, and malware. Microsoft has mandated certain security requirements for its Cloud Solution Provider (CSP) program partners to minimize the risk of Office 365 data loss. Most organizations typically liaise with more than a few CSPs, so it’s essential that you check that they comply with Office 365 security requirements. In this blog we detail the new Microsoft Office 365 security mandates for CSPs and explain why MFA matters and why it’s important for you to check that your CSP supports MFA.
The New Office 365 CSP Security Mandates
The year-on-year increase in the number and inventiveness of malware, phishing, and ransomware attacks has made cybersecurity a top priority for organizations worldwide. The repercussions of malware attacks are exponentially compounded in the cloud, as breaches can cascade from one SaaS app to another. In view of that, Microsoft has added two requirements for CSPs:
- Mandatory Multi-Factor Authentication (MFA): All user accounts in the partner tenant must enable MFA to be able to “transact in the Cloud Solution Provider through Partner Center or via APIs”.
- Adoption of the Secure Application Model framework: All partners integrating with the Partner Center API must “adopt the Secure Application Model framework for any app + user auth model applications”.
Why does MFA matter?
MFA is the gold standard for secure app authentication, which is why Microsoft is mandating Office 365 MFA, because it eliminates the risk of breaches due to weak passwords.
If you think your strong password policy suffices, know that it can easily be broken by most of the common types of malware attacks such as phishing, credential stuffing, and keystroke logging. This is because they use credential interception, database breaches, and/or network scanning to steal the exact password, making its perceived “strength” immaterial.
Compromised credentials are the major cause of data breaches, and by not relying on them alone, MFA has demonstrated success in blocking 99.9% of breaches. It does so by using a combination of password, security token, and possibly even biometric verification to authenticate users.
Why you should check that your CSP supports MFA
While Microsoft has mandated MFA, it is worth checking that your CSP supports it. Incidents like the data breach at PCM, which gave hackers access to the Office 365 credentials of the company’s clients, highlighted how one breached vendor app means your data is at risk too. A partner’s breach is as good (rather bad) as your organization being breached.
We at CloudAlly give the utmost importance to our customers’ data protection. Long before Microsoft’s mandate, we implemented MFA for our Office 365 cloud backup solution, as we believe it to be the most secure method of app authentication. Furthermore, CloudAlly supports the Secure Application Model, with OAuth permission-based access. CloudAlly also comes with ISO 27001 Certification and is compliant with GDPR and HIPAA. So you can be sure that your Office 365 data is securely backed up with us.
Try our full-featured 14 Day Free Trial and trust your data protection with a stringently secure partner. Because security is just not worth compromising.