Applications using Azure Active Directory (AD) to authenticate — a category that includes Office 365, among other things — will soon be able to stop using passwords entirely. It’s not as counter-productive as it sounds.
App-based Authentication
Azure AD accounts can already use the Microsoft Authenticator app for two-factor authentication. Two-factor authentication combines a password with a one-time code. With passwordless sign-in, authentication is handled entirely by the app. The app itself represents a token a person already possesses, which is then combined with either biometric or PIN authentication for added security.
The password is arguably the most popular and most common security measure available, and it is often also the most vulnerable. Passwords have a long, problematic history. While passwords can be very strong if they are long and random, passwords chosen by people are often anything but: they tend to be short, non-random, and reused across multiple sites.
App-based authentication avoids this long-standing weakness.
Microsoft Security Score
Enabling two-factor authentication is just one of the things that organizations can do to improve their security. To that end, Microsoft has extended “Microsoft Security Score.” MS Security Score is a tool used to assess organizational policy and provide guidance to harden an organization against attacks. Secure Score already spans Office 365 and Windows security features. Microsoft has added Azure AD, Azure Security Center, and Enterprise Mobility + Security, offering a wider range of settings and options.
The new Microsoft Threat Protection provides detection and remediation across a wide range of threat protection systems, from email to identity to infrastructure. This should make it easier to catch suspicious or odd behavior, such as strange login attempts, unusual file modifications, and atypical network activity. That behavior can then be acted on by locking accounts, isolating systems from the network, or taking other action appropriate to the threat being faced.
Azure Confidential Computing
Azure Confidential Computing is now available in preview. Confidential Computing is a platform for Azure virtual machines that use processors supporting Intel’s SGX technology. Using the Confidential Computing platform, developers can create cloud applications that process sensitive data in secure, isolated, encrypted enclaves, such that not even Microsoft can see what’s going on. The intent is to enable applications with strict privacy concerns to be run in the cloud.