Introduction:
We have seen in the latest news how vendor and supplier attacks have penetrated large companies like Okta. This has prompted many customers to ask us, “How can we prevent these kinds of attacks in our environment?” It also got us thinking about efficient ways to secure Azure AD and minimize attack vectors such as supplier breaches.
Here are some simple steps we recommend you take to reduce the risk arising from these threats:
Turn on your Customer Lockbox
Customer Lockbox ensures that Microsoft cannot access your content to do service operations without your explicit approval. Customer Lockbox brings you into the approval workflow process that Microsoft uses to ensure only authorized requests allow access to your content. Lockbox approvals are timebound and are fully audited. This means if you do need help from Microsoft Support, you can approve their access temporarily for them to do the debugging, and then they lose access afterward. In the case of the Okta breach, this would have prevented them from having access to your data without your approval. To enable customer lockbox, click on the link and follow these instructions: https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-lockbox-requests?view=o365-worldwide#turn-customer-lockbox-requests-on-or-off
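The admin-center path above is the documented way to turn Lockbox on; the following is an added example (not code from the original post or from Microsoft's documentation) that does the same thing from Exchange Online PowerShell and verifies the result, which is useful when you manage several tenants or want the change in a script. It assumes the ExchangeOnlineManagement module is installed, the signed-in account holds a role that may change organization configuration, and the tenant is licensed for Customer Lockbox; the UPN is a placeholder.

```powershell
# Added example: enable Customer Lockbox from Exchange Online PowerShell
# and confirm the setting actually took effect.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder UPN

# Record the state before the change so the run is self-documenting.
$before = (Get-OrganizationConfig).CustomerLockBoxEnabled
Write-Host "Customer Lockbox enabled before: $before"

# Turn Lockbox on. From here on, a Microsoft engineer's request to touch
# your content is routed to your approvers, is time-bound, and is audited.
Set-OrganizationConfig -CustomerLockBoxEnabled $true

# Verify; a silent failure here would leave you believing you are protected.
$after = (Get-OrganizationConfig).CustomerLockBoxEnabled
if (-not $after) {
    throw "Customer Lockbox is still disabled; check the role assignment and licensing, then retry."
}
Write-Host "Customer Lockbox enabled after: $after"

Disconnect-ExchangeOnline -Confirm:$false
```

Re-run the `Get-OrganizationConfig` check as part of your periodic configuration review so that a later change (or a failed script) does not quietly switch Lockbox back off.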
Enable Privileged Identity Management
Privileged access management gives you granular access control around admin tasks in Microsoft 365. It helps protect your tenant from breaches like the one at Okta, where existing privileged admin accounts with standing access to sensitive customer data were used. Privileged access management lets users request just-in-time access to Microsoft 365 admin roles to complete tasks through a time-bound, approval-based workflow. Multi-factor authentication can also be required before a user’s role is elevated, further securing a tenant’s most sensitive roles. More can be found on Microsoft’s site: https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-solution-overview?view=o365-worldwide
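The step above describes Microsoft 365 privileged access management (the feature behind the linked page, configured through Exchange Online PowerShell), which is distinct from Azure AD Privileged Identity Management. As an added example that is not from the original post, the block below walks through the full just-in-time loop: enabling the feature, binding a sensitive task to a manual-approval policy, raising a time-bound request, and approving it. The approver group, task name, reason and request id are placeholders; the cmdlet and parameter names are those of the Exchange Online module as we recall them, so check `Get-Help` on each before relying on them.

```powershell
# Added example: Microsoft 365 privileged access management end to end.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # placeholder UPN

# 1. Turn PAM on, naming the mail-enabled security group whose members
#    approve elevation requests (placeholder group).
$approvers = "pam-approvers@contoso.example"
Enable-ElevatedAccessControl -Approver $approvers -ApproverGroup $approvers

# 2. Require manual approval for a sensitive task. Journal rules are a good
#    candidate because they silently copy mail to another mailbox.
New-ElevatedAccessApprovalPolicy -Task "Exchange\New-JournalRule" `
    -ApprovalType Manual -ApproverGroup $approvers

# 3. An admin who needs the task requests time-bound access instead of
#    holding it permanently. Access expires when DurationHours elapses.
New-ElevatedAccessRequest -Task "Exchange\New-JournalRule" `
    -Reason "Ticket INC-0000: add journaling for legal hold (placeholder)" `
    -DurationHours 2

# 4. Approvers list pending requests and decide. Every step lands in the
#    audit log, which is what makes the workflow reviewable later.
$pending = Get-ElevatedAccessRequest | Where-Object { $_.RequestStatus -eq "Pending" }
$pending | Format-Table Identity, Requestor, Task, RequestStatus -AutoSize

# Approve one request by its id (placeholder value taken from the list above).
# Approve-ElevatedAccessRequest -RequestId "<request-id>" -Comment "Approved for INC-0000"

Disconnect-ExchangeOnline -Confirm:$false
```

Pair the manual-approval policy with a Conditional Access policy that requires multi-factor authentication for the approver group, so that approving an elevation is itself a strongly authenticated action.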
Audit your suppliers’ and vendors’ access regularly
It is important to always build in a process around the access life cycle, from provisioning to retirement. One of these steps in the life cycle is monitoring. Azure AD’s access review allows you to set recurring access reviews for roles, groups, and accounts. Most security frameworks require that you have a standing review every 6 or 12 months for admin-related roles. With Azure AD’s access review, this is automated.
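As an added example (not from the original post), here is how the recurring six-monthly review of an admin role described above can be created with the Microsoft Graph PowerShell SDK instead of the portal. It assumes the Microsoft.Graph.Identity.Governance module is installed and the caller can consent to `AccessReview.ReadWrite.All`; the reviewer group id and start date are placeholders. Denying by default when a reviewer does not respond, and auto-applying the decisions, is what turns the review from a report into an actual removal of stale access.

```powershell
# Added example: recurring access review of Global Administrator assignments.
Import-Module Microsoft.Graph.Identity.Governance
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All", "RoleManagement.Read.Directory"

# Resolve the role definition id at run time rather than hard-coding it.
$role = Get-MgRoleManagementDirectoryRoleDefinition -Filter "displayName eq 'Global Administrator'"
if (-not $role) { throw "Role definition not found" }

$reviewerGroupId = "<reviewer-group-object-id>"   # placeholder

$params = @{
    displayName             = "Semi-annual review: Global Administrator"
    descriptionForAdmins    = "Confirms every Global Administrator assignment still has a business need."
    descriptionForReviewers = "Approve only assignments you can justify today."
    scope = @{
        "@odata.type"  = "#microsoft.graph.principalResourceMembershipsScope"
        principalScopes = @(
            @{ "@odata.type" = "#microsoft.graph.accessReviewQueryScope"; query = "/users";  queryType = "MicrosoftGraph" }
            @{ "@odata.type" = "#microsoft.graph.accessReviewQueryScope"; query = "/groups"; queryType = "MicrosoftGraph" }
        )
        resourceScopes = @(
            @{ "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
               query = "/roleManagement/directory/roleDefinitions/$($role.Id)"
               queryType = "MicrosoftGraph" }
        )
    }
    reviewers = @(
        @{ query = "/groups/$reviewerGroupId/transitiveMembers"; queryType = "MicrosoftGraph" }
    )
    settings = @{
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true
        defaultDecisionEnabled          = $true
        defaultDecision                 = "Deny"     # no answer means access is removed
        autoApplyDecisionsEnabled       = $true      # apply removals without a manual step
        instanceDurationInDays          = 14
        recurrence = @{
            pattern = @{ type = "absoluteMonthly"; interval = 6 }   # every six months
            range   = @{ type = "noEnd"; startDate = "2024-01-01" } # placeholder start
        }
    }
}

$definition = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $params
Write-Host "Created access review $($definition.Id): $($definition.DisplayName)"
```

Change the `interval` to 12 if your framework calls for an annual cadence, and extend `resourceScopes` with further role definition ids to cover every admin role in one review series.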
While it is almost impossible to prevent what happened to Okta, we hope these simple steps can help you successfully mitigate the risks of cyberattacks.