      Protecting Your Access with Azure Identity & Security

      October 15, 2020 | New Signature

      IT security is an ever-growing concern for organizations around the globe. We are more deeply connected to technology than we have ever been before. This really works in our favor when it comes to business productivity and creativity. Unfortunately, it also creates a perfect breeding ground for attackers to design malicious threats that let unauthorized individuals gain access to systems they have not been granted access to.

      Microsoft Azure has a huge commitment to security. Microsoft also has an extensive list of technologies to help combat cyber security threats against your business, with identity being the single control plane for accessing all your data, devices and applications.

      Identity, as a whole, is at the center of security. When you think about data breaches, or about the questions that will be asked over whether or not you were breached, your CISO will probably ask the most fundamental ones, such as:

      “Who did this?”

      “Where did they come from?”

      “What permissions did they have?”

      “What else did they have access to?”

      “What else could have been compromised?”

      These questions are really quite scary when you put security and identity together. The nature of cyber security attacks is constantly changing; attackers find new, intelligent ways to breach networks and infrastructure, specifically targeting credentials. Rather than using phishing or malware, most of the time attackers are hiding under the identity of an innocent user who doesn’t even know they have been compromised.

      Attacks are caused by lost, weak or compromised user credentials, credentials which are vulnerable because passwords are vulnerable. A previous study has shown that 73% of passwords are, in fact, duplicates. We all know the challenge of having multiple passwords for different applications and services, right? So in order to simplify our process and be more productive, we tend to use the same passwords over and over again (maybe with a “1” at the end, or an “!” exclamation mark), thus making it far easier for an attacker to dump those extra characters into their wordlists and commence their attack.

      80% of employees use non-approved apps and services for work on their company device. So, if they’re using a similar password for each system or application they use, attackers can learn the password pattern from non-secure sites and then find that same pattern among the rest of the employee’s services. This is called “Lateral Movement”: an attacker systematically moves through your networks and application data to exfiltrate that information.
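
      Why a trailing “1” or “!” adds so little, as an added Python example that is not part of the original post: it folds each password back to its base word, flags bases that appear in common wordlists, and groups services that share one base. The word list, swap table, function names and sample passwords are constructed for illustration.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample of base words found in common wordlists.
COMMON_WORDS = ("password", "welcome", "summer", "contoso")

# Character swaps users apply to a known word (one mapping per character;
# an assumption for this sketch, not an exhaustive table).
SWAPS = str.maketrans({"@": "a", "4": "a", "3": "e", "0": "o",
                       "1": "i", "!": "i", "$": "s", "5": "s"})


def fold(password: str) -> str:
    """Lowercase and undo common swaps: 'P@ssw0rd' -> 'password'."""
    return password.lower().translate(SWAPS)


def common_word_in(password: str) -> Optional[str]:
    """Return the common word hidden inside the password, or None."""
    folded = fold(password)
    # Longest word first so the most specific match is reported.
    for word in sorted(COMMON_WORDS, key=len, reverse=True):
        if word in folded:
            return word
    return None


def base_word(password: str) -> str:
    """Strip the digits/symbols people append, then fold what is left."""
    return fold(re.sub(r"[\d\W_]+$", "", password))


def reused_patterns(passwords: Dict[str, str]) -> Dict[str, List[str]]:
    """Group services whose passwords share one base word."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for service, password in passwords.items():
        base = base_word(password)
        if base:  # all-digit/symbol passwords have no base word to compare
            groups[base].append(service)
    return {base: svcs for base, svcs in groups.items() if len(svcs) > 1}


if __name__ == "__main__":
    # Constructed passwords for one user across three services.
    user = {"mail": "BlueKettle7", "vpn": "BlueKettle8!",
            "hr-portal": "GreenLamp22"}
    print(reused_patterns(user))
    for candidate in ("Password1!", "P@ssw0rd2020", "correct-horse-battery"):
        print(candidate, "->", common_word_in(candidate))
```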

      Multi-factor authentication can reduce the risk of an identity being compromised by 99.9%. Yet not everybody utilizes MFA. When an organization moves its employees to the public cloud using Azure AD and AD Connect for synchronization, its security strategy needs to start with a strong, protected single identity at the center of the business.

      Organizations are routinely challenged by multiple security threats:

      • Compromised Credentials: Highly privileged accounts that have had their passwords stolen.
      • Weak and Stolen Credentials: Accounts with weak passwords that have been compromised.
      • Malicious Insiders: Associates that have malicious intent through social engineering or other reasons.
      • Trust relationships: Compromised accounts in a trusted domain or forest.
      • Misconfiguration: Endpoints that are missing security updates, policies, settings, or protection software.
      • Ransomware: Malicious code that finds its way into unprotected endpoints through improper configuration, email, and unaware users copying files from removable devices. Ransomware typically disables certain aspects of a system, or entire systems altogether, so that data and services are rendered completely inaccessible, and demands money in exchange for reversing the damage. The WannaCry ransomware in 2017, which crippled multiple companies, is a good example of this.

      For further clarity, I’ve listed a few attack scenarios and the Microsoft technologies that help defend your business against different types of cyber security threats beyond just identity.

      Compromised Credentials

      Privileged access credentials, which give administrative access to devices and systems, typically pose a higher risk to the enterprise than consumer credentials.

      Technology:

      • Azure PIM – Azure Privileged Identity Management provides a set of features that make it difficult to maliciously use privileged identities. Just in time (JIT) access, just enough access (JEA), role time limitations and role approvals are just some of the features you can use to provide only the access required to perform a specific task within a limited time window. Access to the role is then removed after that time has elapsed.

      Weak and Stolen Credentials

      Apps and protocols sending login credentials over your network pose a significant security threat. An attacker connected to your network can easily locate and utilize these credentials for lateral movement.

      Technology:

      • Azure MFA – Azure Multifactor authentication (MFA) prevents unauthorized access to a system using stolen credentials by requiring the user to provide at minimum a secondary form of authentication. A common and effective approach is a mobile phone attached to the account, to which a text or call is sent to confirm the login.
      • Azure AD Password Protection – Enhances an organization’s password policy by providing a list of banned words or terms that cannot be used in a password.
      • Azure AD Smart Lockout – Intended to detect a brute force attack. Smart Lockout detects password entries that vary wildly. When something is deemed a brute force attack, the account gets locked out after a defined threshold of attempts.
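
      A simplified model of the lockout behaviour described above, as an added Python example; it is not Microsoft's implementation or part of the original post. It counts only distinct wrong passwords toward the threshold, so a user retyping one stale password is treated differently from a run of varying guesses; the class name, threshold, lock duration and event streams are assumptions.

```python
import hashlib
import hmac
import secrets
from collections import deque
from typing import List, Tuple


class LockoutTracker:
    """Per-account model: only distinct wrong passwords count as guesses."""

    def __init__(self, threshold: int = 5, lock_seconds: int = 60,
                 remember: int = 3) -> None:
        self.threshold = threshold            # assumed value
        self.lock_seconds = lock_seconds      # assumed value
        self._key = secrets.token_bytes(32)   # keyed digests, never plaintext
        self._recent_bad = deque(maxlen=remember)
        self._failures = 0
        self._locked_until = 0.0

    def attempt(self, password: str, is_correct: bool, now: float) -> str:
        """Record one sign-in at time `now`; return ok, denied or locked."""
        if now < self._locked_until:
            return "locked"                   # lock window still running
        if is_correct:
            self._failures = 0
            self._recent_bad.clear()
            return "ok"
        digest = hmac.new(self._key, password.encode(), hashlib.sha256).digest()
        if digest in self._recent_bad:
            return "denied"                   # same wrong entry: not a new guess
        self._recent_bad.append(digest)
        self._failures += 1
        if self._failures >= self.threshold:
            self._locked_until = now + self.lock_seconds
            self._failures = 0
            return "locked"
        return "denied"


def replay(events: List[Tuple[float, str, bool]], **settings: int) -> List[str]:
    """Feed (time, password, is_correct) events to a fresh tracker."""
    tracker = LockoutTracker(**settings)
    return [tracker.attempt(pw, good, t) for t, pw, good in events]


# Constructed event streams: one stale password retyped, then varying guesses.
FORGETFUL_USER = [(float(t), "OldPassw0rd", False) for t in range(8)]
FORGETFUL_USER.append((9.0, "new-password", True))
GUESSING = [(float(t), f"guess{t}", False) for t in range(5)]
GUESSING += [(6.0, "real-password", True),    # inside the lock window
             (70.0, "real-password", True)]   # lock has expired

if __name__ == "__main__":
    print(replay(FORGETFUL_USER))
    print(replay(GUESSING))
```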

      Malicious Insiders

      Users with access to sensitive data and networks can inflict extensive damage through privileged misuse and malicious intent.

      Technology:

      • Azure RBAC – Role-based access control provides only the effective rights for a given user to perform their role. If their password is compromised, damage limitation is assured.

      Misconfiguration

      Misconfigured virtual machines, devices, and apps present an easy entry point for an attacker to exploit.

      Technology:

      • Azure Policy – Azure Policy provides effective governance over IT assets. You can audit your infrastructure and remediate automatically when resources are non-compliant.
      • Azure Security Center – The security center is a one-stop shop to detect, prevent and respond to threats across your Azure environment. Identify shadow IT subscriptions, lack of endpoint protection and unencrypted virtual machines.
      • Azure Firewall – As well as having endpoint protection, Azure Firewall is yet another line of defense against misconfigured VMs.

      Ransomware

      The costs of a ransomware attack can range from a few hundred dollars to thousands, payable to cybercriminals in Bitcoin.

      Technology:

      • Azure Sentinel – Collects data across your enterprise and uses intelligent AI to make threat detection smarter and faster. You can detect and respond to threats rapidly with automation and orchestration.
      • Update Management – Turn on update management for your virtual machines and ensure they have the latest security updates.
      • Azure Endpoint Protection – Malicious attacks begin at the source, a guest operating system such as Windows or Linux. Endpoint protection ensures that you have a first line of defense against viruses and ransomware attacks.

      Phishing Attacks

      Phishing is one of the most effective social engineering attack vectors.

      Technology:

      • DMARC with O365 – Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication, policy, and reporting protocol. Its purpose is to make it easier to determine whether a message is from a legitimate sender, and what happens to it if it is not.
      • Office 365 ATP Anti Phishing – When using Office 365, you can enable and define ATP Anti Phishing policies to help protect against phishing attacks. Messages can be quarantined, deleted before arrival, sent to junk, or redirected to protect end users from phishing attempts.

      Many of the technologies listed above can now be connected to Azure Sentinel. This will help your blue teams verify identity flaws and security information and create a solid defensive strategy.

      To put it plain and simple, no one is really safe. However, implementing these types of products can help you minimize threats, reduce risk, and have a more secure and sustainable identity security model overall. Cost is going to be a factor, but should you really put a price tag on your data?

      To summarize:

      Design for a solid authentication solution (Please invest in Multi-Factor Authentication!!)

      • Something you know
      • Something you have
      • Something you are

      Design for a solid authorization solution (Identity Access Management)

      • RBAC
      • Apps & Data Access
      • Privileged Access Management

      At New Signature, security isn’t just one thing we do; it’s baked into all we do. If you are concerned about the security posture of your business, connect with an expert today.

      About the Author
      Craig Fretwell is a New Signature Azure Solutions Architect located in our United Kingdom region. He’s spent the last 12 years focusing on helping customers overcome challenges with cloud-based solutions. His primary focus is on architecting and designing cloud and hybrid solutions in Azure. He loves to troubleshoot problems he’s faced and write about those challenges to help others find success.
