Microsoft has tightened up the security for users of its Office 365 cloud service, after switching on multifactor authentication.
Redmond made the move in order to avoid the high-profile security breaches that have plagued rival cloud services, but also because Office 365 accounts are likely to contain sensitive corporate information.
The security measure is no longer the exclusive domain of administrators, said Paul Andrew, an Office 365 technical product manager. “Multifactor authentication has been available for Office 365 administrative roles since June 2013, and today we’re extending this capability to any Office 365 user,” he wrote in a 10 February blog post.
The move is part of a broader effort by the company to harden its cloud services slate. In June 2013, Microsoft announced that it was bringing multifactor authentication, based on technology from its PhoneFactor acquisition, to Windows Azure Active Directory (AD) services, enabling users to securely access their accounts with additional credentials supplied by an app or Short Message Service text.
Microsoft officially launched the new feature in September. Scott Guthrie, now the new cloud chief at Microsoft, said at the time in a statement that organisations could finally leverage multifactor authentication to provide an extra layer of security for “Windows Azure, Office 365, Intune, Dynamics CRM and any third-party cloud service that supports Windows Azure Active Directory,” plus custom applications.
In recent years, online service providers have been rocked by breaches that have caused security-conscious enterprises to regard the cloud suspiciously.
Dropbox, a popular cloud storage company, rolled out two-step authentication in 2012 after a breach that made user data susceptible to snoops. Twitter followed suit in 2013 after major accounts had been hacked. Security researchers said the recent Yahoo Mail breach would have been a non-event for users had they switched on the service’s multifactor authentication options.
Microsoft is also looking to extend multifactor authentication to Office 365 client apps. Noting that users currently have a workaround by configuring App Passwords to secure their desktop apps, Andrew revealed that soon, “Office 365 customers will be able to use multifactor authentication directly from Office 2013 client applications.”
“We’re planning to add native multifactor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell and OneDrive for Business, with a release date planned for later in 2014,” he added. The update will supplement phone-based authentication with support for third-party solutions and smart cards that conform to the US Department of Defense Common Access Card (CAC) and US Federal Personal Identity Verification card (PIV) security standards.
Are you a security guru? Try our quiz!
Originally published on eWeek.
Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…
Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…
Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…
Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…
Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal
Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…