The Office 365 package is widely used around the world. It is used from small businesses to large corporations, which store and manage their information in the applications form the Office Suite, so it is quite important that they are safe from any cyber attack.

Mario Moreno

IAM Engineer

October 4th, 2021

It is known that companies are using Office 365 as a means to manage their files, calendars, events, email and instant messaging. As they are dealing with a lot of information within these platforms, it is important that companies become more aware of the security of the information that is stored from them, both for the benefit of the companies and the employee.   

A large number of these organizations are pairing the service offered by Office 365 with solutions such as AWS, Slack and Zoom. 78% of okta users using O365 work with this combination of applications. That means you must be able to effectively onboard and offboard users in each of these applications, and develop access policies that address each of these tools.  

As mentioned earlier, it is important to provide security around these services. If, in any case, someone gains access, they could find a significant amount of corporate data and be able to lock down applications or operational resources. One way they use to gain access to Office 365 is by spoofing the login page, sending emails claiming that the user’s password is about to expire and including the URL that will pshish and gain access to the data they want.   

How to add identity to Office 365

Based on the “never trust, always verify” model, it will be of great importance to get the right people to the level of access they should without creating user friction. In order to achieve this, it is important to secure access to Office 365 with Okta. To accomplish this, here are four options that could give users’ O365 logins extra security:   

  • Federate with an identity provider: Working with an identity provider such as Okta provides a place where you can manage everything related to identity and has security policies for access. Tools such as Single Sign On offer employees the ability to quickly access their applications without having to remember their user numbers, combinations and passwords.   
  • Multifactor authentication (MFA): Allows users to verify identity through different security factors. This prevents hackers from accessing resources even when they have stolen users’ credentials.  
  • Passwordless solutions: This trend is a great solution to reduce the risk of credential theft as they do not have a password for the user. It is a good option to prevent Office 365 phishing attacks.  
  • Automated onboarding and offboarding: With okta’s Lifecycle Management product, organizations can assign users from okta to Office 365 including permissions and applications. When a user’s license is removed from okta, it is removed in the same way in the O365 administrator portal, and the user can even be deleted.   

For the above mentioned, it is very important that companies that frequently use the Office 365 package have a much more advanced security system for the protection of their information and resources. A coordinated attack could expose this information and put the company in a very bad position, so we emphasize the great importance of tools such as MFA, passwordless authentication and lifecycle management for accessing and manipulating information securely.