In the Age of Remote Work, Securing Office 365 Is a Must

According to our Businesses @ Work Reports, Microsoft’s Office 365 has ranked as the #1 most popular application within the Okta integration network for the last few years — both by number of customers and by number of monthly active users.
 

Top apps by number of customers - Businesses @ Work 2020

Top apps by number of monthly unique active users - Businesses @ Work 2020

Organizations everywhere use this toolset to manage their sensitive files, calendars, and email messages, and this trend shows no sign of slowing down. But the sudden shift towards more distributed work means that organizations must be more cognisant of data security and employee usability than ever.

In this post, we’ll explore some of the productivity and security concerns that Office 365 customers should be on the lookout for, and how Okta can help.

Office 365’s remote work challenges

As companies choose the right technologies for their teams, they’re often pairing Office 365 with other best-in-class solutions, such as AWS, Slack, and Zoom. In fact, 78% of Okta’s Office 365 customers use it alongside one or more leading apps.

That means that you need to be able to effectively onboard and offboard users to each of those applications, and develop access policies that address each of those tools. This is a massive burden for HR and IT teams alike—particularly as their users operate remotely.

Malicious actors also know that breaching Office 365 would grant them access to a treasure trove of corporate data, and could even open the door to hundreds of other apps and corporate resources.

One significant security challenge with Office 365 is that its popularity gives threat actors a profitable window of opportunity to deploy large-scale phishing campaigns. Threat actors will spoof the Office 365 login page, send emails claiming that a user’s password is going to expire, include phishing URLs in malicious emails, and so on, in an attempt to steal credentials.

Applying identity to Office 365

As businesses secure their remote workforce, focusing on protecting identities—instead of the network perimeter—is vital. Adopting this “never trust, always verify” mindset will be crucial to ensuring that only the right people have the right level of access to the right resources in the right context, without adding friction for the user. When it comes to better securing Office 365 with Okta, this can take shape in a number of ways: 

  • Federate with an identity provider: Federating Office 365 authentication with an identity provider like Okta provides a single place to manage identity and maintain secure access policies. Tools like SSO provide employees with a quick and simple method for signing into apps without having to remember multiple username and password combinations.
  • Multi-factor authentication (MFA): Providing MFA access enables users to verify their identity beyond simply providing a username and password. This prevents hackers from accessing resources even if they manage to steal an employee’s credentials. 
  • Passwordless solutions: MFA is a great foundational step toward deploying passwordless authentication. Given the prevalence of phishing attacks on Office 365, passwordless authentication is a great way to reduce the risk of credential compromise, since there is no password in the login flow at all.
  • Automated onboarding and offboarding: With Okta’s Lifecycle Management product, organizations can automatically assign and provision users from Okta directly to Office 365, including specific Office 365 apps and permissions. And, when you need to remove licenses for a user in Office 365, admins can remove the Office 365 assignment in Okta, which will automate license removal and, optionally, account deletion in Office 365. 

The impact? Your end-users can access the files, emails, and calendars they need to be productive from outside the office with a minimal amount of security risk.
