Securing Office 365 with Okta

As the leading independent provider of enterprise identity, Okta integrates with more than 5000 cloud applications out-of-the-box. These cloud applications are accessible from Internet and hence are regularly targeted by adversaries. Okta’s security team sees countless intrusion attempts across its customer base, including phishing, password spraying, KnockKnock and brute-force attacks. They continuously monitor and rapidly respond to these attacks to protect customer tenants and the Okta service. The most commonly targeted application for these attacks is Office 365, a cloud business productivity service developed by Microsoft.

Okta’s customers commonly use a combination of single sign-on (SSO), automated provisioning, and multi-factor authentication (MFA) to protect their Office 365 tenants against the aforementioned attacks. However, Office 365 uses several authentication methods and access protocols, including some authentication methods and legacy authentication protocols that do not support MFA in their authentication flow. It has become increasingly common for attackers to abuse these legacy authentication protocols to compromise business email accounts.

This document covers the security issues discussed above and provides illustrative guidance on how to configure the Office 365 application with Okta to bridge the gap created by lack of MFA for Office 365. This information is based on internal research performed by the Okta security team and does not constitute a replacement for Okta documentation addressing Office 365 configuration for Okta.