Three Ways to Prevent An Okta-Like Breach in Azure Active Directory | Netwoven

By Matthew Maher  |  Published on April 25, 2022

Introduction:

We have seen in the latest news how vendor and supplier attacks have penetrated large companies like Okta. This has prompted many customers to ask us, “How can we prevent these kinds of attacks in our environment?” It also prompted us to think about efficient ways to secure Azure AD and minimize attack vectors such as supplier breaches.

Here are some simple steps we recommend you take to reduce the risk arising from cyberthreats:

Turn on your Customer Lockbox

Customer Lockbox ensures that Microsoft cannot access your content to perform service operations without your explicit approval. It inserts you into the approval workflow Microsoft uses to ensure that only authorized requests are granted access to your content. Lockbox approvals are time-bound and fully audited. This means that if you do need help from Microsoft Support, you can approve their access temporarily so they can do the debugging, after which they lose access. In the case of the Okta breach, a control like this would have prevented them from accessing your data without your approval. To enable Customer Lockbox, follow these instructions: https://docs.microsoft.com/en-us/microsoft-365/compliance/customer-lockbox-requests?view=o365-worldwide#turn-customer-lockbox-requests-on-or-off
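The same switch can be flipped and verified from Exchange Online PowerShell, which is handy when you manage several tenants or want the state checked by a script. The block below is an added example, not code from the original post or from Microsoft; the sign-in name is constructed, and the audit-log operation names are an assumption taken from the Customer Lockbox auditing documentation, so confirm them against a real request in your tenant before building a detection on them.

```powershell
# Added example (not from the original post): enable Customer Lockbox from
# Exchange Online PowerShell, verify the setting, then list recent Lockbox
# audit records. Requires the ExchangeOnlineManagement module and a Global
# Administrator or Exchange Administrator sign-in.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName admin@contoso.example   # constructed sign-in name

# Read the current state before changing anything.
$config = Get-OrganizationConfig
if ($config.CustomerLockBoxEnabled) {
    Write-Host "Customer Lockbox is already enabled."
} else {
    Set-OrganizationConfig -CustomerLockBoxEnabled $true
    # Re-read rather than trusting the cmdlet's silent return.
    $config = Get-OrganizationConfig
    if (-not $config.CustomerLockBoxEnabled) {
        throw "Customer Lockbox did not enable; check the tenant's licensing and your role."
    }
    Write-Host "Customer Lockbox enabled."
}

# Review Lockbox activity for the last 30 days. Approvals and denials are written
# to the unified audit log; the operation names below are an ASSUMPTION based on
# the Customer Lockbox auditing documentation. Verify them in your tenant.
$records = Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
    -Operations "Set-AccessToCustomerDataRequest", "Get-AccessToCustomerDataRequest" -ResultSize 500

foreach ($r in $records) {
    # AuditData is a JSON blob; surface who acted, when, and on which operation.
    $data = $r.AuditData | ConvertFrom-Json
    [pscustomobject]@{
        When      = $r.CreationDate
        Operation = $r.Operations
        Actor     = $r.UserIds
        Raw       = $data   # dump the whole object while tuning; the shape differs per operation
    }
}
Disconnect-ExchangeOnline -Confirm:$false
```

The point of re-reading the setting after `Set-OrganizationConfig` is that the cmdlet does not fail loudly when the tenant lacks the required license; a script that assumes success would report Lockbox as on when it is not. Feeding the audit records into your SIEM lets you alert on any Lockbox approval that was not tied to an open support case.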

Enable Privileged Identity Management

Privileged access management gives you granular access control around admin tasks in Microsoft 365. It helps protect your tenant from breaches like the one at Okta, which used existing privileged admin accounts with standing access to sensitive customer data. Privileged access management allows users to request just-in-time access to Microsoft 365 admin roles to complete tasks through a time-bound approval workflow. Multi-factor authentication can also be required before elevating a user’s role, further securing a tenant’s most sensitive roles. More can be found on Microsoft’s site: https://docs.microsoft.com/en-us/microsoft-365/compliance/privileged-access-management-solution-overview?view=o365-worldwide
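The just-in-time pattern described above can be enforced on the Azure AD side with Privileged Identity Management (PIM), which is the feature the section heading names. The block below is an added example, not code from the original post or from Microsoft: it uses the Microsoft Graph PowerShell SDK to require MFA and a justification for activating Global Administrator, to cap activations at two hours, and then to show what an eligible admin's own activation request looks like. The role ID is the well-known Global Administrator role template; the ticket reference and durations are assumptions for the example.

```powershell
# Added example (not from the original post): Azure AD PIM configured so that
# Global Administrator is never held as standing access. Requires the
# Microsoft.Graph module (Install-Module Microsoft.Graph) and a Privileged Role
# Administrator sign-in.
Connect-MgGraph -Scopes "RoleManagementPolicy.ReadWrite.Directory", `
                        "RoleAssignmentSchedule.ReadWrite.Directory", "User.Read"

# Well-known role template ID for Global Administrator (same in every tenant).
$globalAdminRole = "62e90394-69f5-4237-9190-012177145e10"

# 1. Find the PIM policy that governs Global Administrator at tenant scope ("/").
$assignment = Get-MgPolicyRoleManagementPolicyAssignment `
    -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '$globalAdminRole'"
$policyId = $assignment.PolicyId

# 2. Require MFA and a written justification whenever an eligible user activates.
#    'Enablement_EndUser_Assignment' is the activation rule present in every PIM policy.
$enablement = @{
    "@odata.type" = "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule"
    enabledRules  = @("MultiFactorAuthentication", "Justification")
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
    -UnifiedRoleManagementPolicyRuleId "Enablement_EndUser_Assignment" -BodyParameter $enablement

# 3. Cap each activation at two hours (ISO 8601 duration) so access expires on its own.
$expiration = @{
    "@odata.type"        = "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule"
    isExpirationRequired = $true
    maximumDuration      = "PT2H"
}
Update-MgPolicyRoleManagementPolicyRule -UnifiedRoleManagementPolicyId $policyId `
    -UnifiedRoleManagementPolicyRuleId "Expiration_EndUser_Assignment" -BodyParameter $expiration

# 4. What an eligible admin then does to get the role for one task: a self-activation
#    request, which PIM rejects unless MFA was satisfied and a justification is supplied.
$myId = (Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/v1.0/me").id
$request = @{
    action           = "selfActivate"
    principalId      = $myId
    roleDefinitionId = $globalAdminRole
    directoryScopeId = "/"
    justification    = "INC-0000 (constructed ticket): rotate a leaked app secret"
    scheduleInfo     = @{
        startDateTime = (Get-Date).ToUniversalTime().ToString("o")
        expiration    = @{ type = "afterDuration"; duration = "PT1H" }   # must not exceed step 3's cap
    }
}
New-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -BodyParameter $request

# 5. Every activation is recorded; export these to your SIEM and alert on
#    activations outside change windows or without a matching ticket.
Get-MgRoleManagementDirectoryRoleAssignmentScheduleRequest -Filter "roleDefinitionId eq '$globalAdminRole'" |
    Select-Object CreatedDateTime, PrincipalId, Action, Status, Justification
```

Steps 2 and 3 are what turn a standing admin account into a time-boxed one: the account is eligible rather than active, and each activation leaves an auditable justification. Apply the same rule changes to the other roles a vendor or support engineer might hold, not only Global Administrator.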

Audit your suppliers’ and vendors’ access regularly

It is important to build a process around the whole access life cycle, from provisioning to retirement. One of the steps in that life cycle is monitoring. Azure AD access reviews let you set recurring reviews for roles, groups, and accounts. Most security frameworks require a standing review every 6 or 12 months for admin-related roles; with Azure AD access reviews, this is automated.
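As an added example (not code from the original post or from Microsoft), the block below creates exactly that kind of recurring review with the Microsoft Graph PowerShell SDK: every six months the owners of a vendor access group must re-justify each guest account in it, and any guest nobody approves within the review window is removed automatically. The group ID is a constructed placeholder; the cadence and window are assumptions you would align with your own framework.

```powershell
# Added example (not from the original post): a semiannual Azure AD access review
# of the guest (supplier/vendor) members of a group, with a fail-closed default.
# Requires the Microsoft.Graph module and an Identity Governance Administrator
# or Global Administrator sign-in.
Connect-MgGraph -Scopes "AccessReview.ReadWrite.All"

$vendorGroupId = "00000000-0000-0000-0000-000000000000"   # placeholder: your vendor access group

$definition = @{
    displayName          = "Semiannual review of vendor guest access"
    descriptionForAdmins = "Access life-cycle control: confirm every supplier account still needs access."
    scope = @{
        "@odata.type" = "#microsoft.graph.accessReviewQueryScope"
        # Only guest users of the group are in scope; employees are reviewed separately.
        query     = "/groups/$vendorGroupId/transitiveMembers/microsoft.graph.user/?`$filter=(userType eq 'Guest')"
        queryType = "MicrosoftGraph"
    }
    # The group owners review, since they know which supplier still has a contract.
    reviewers = @(@{ query = "./owners"; queryType = "MicrosoftGraph" })
    settings = @{
        mailNotificationsEnabled        = $true
        reminderNotificationsEnabled    = $true
        justificationRequiredOnApproval = $true
        # Fail closed: no decision within the window means the guest loses access.
        defaultDecisionEnabled          = $true
        defaultDecision                 = "Deny"
        autoApplyDecisionsEnabled       = $true
        instanceDurationInDays          = 14
        # Every 6 months; use interval 3 or 12 to match your framework's cadence.
        recurrence = @{
            pattern = @{ type = "absoluteMonthly"; interval = 6; dayOfMonth = 1 }
            range   = @{ type = "noEnd"; startDate = (Get-Date).ToString("yyyy-MM-dd") }
        }
    }
}
$review = New-MgIdentityGovernanceAccessReviewDefinition -BodyParameter $definition
$review | Select-Object Id, DisplayName, Status

# Auditors want evidence that the review ran and what was decided: list each
# instance's decisions (empty until the first instance starts).
Get-MgIdentityGovernanceAccessReviewDefinitionInstance -AccessReviewScheduleDefinitionId $review.Id |
    ForEach-Object {
        Get-MgIdentityGovernanceAccessReviewDefinitionInstanceDecision `
            -AccessReviewScheduleDefinitionId $review.Id -AccessReviewInstanceId $_.Id |
            Select-Object @{ n = 'Principal'; e = { $_.Principal.DisplayName } },
                          Decision, Justification, ReviewedDateTime
    }
```

The two settings that matter most are `defaultDecision = "Deny"` with `autoApplyDecisionsEnabled = $true`: without them an unanswered review changes nothing, and a supplier account whose owner has left the company keeps its access indefinitely. The same definition can be pointed at a directory role instead of a group by using an `accessReviewQueryScope` over the role's assignments, which is how the 6- or 12-month admin-role review is satisfied.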

While it is almost impossible to prevent what happened to Okta, we hope these simple steps can help you successfully mitigate the risks of cyberattacks.

By Matthew Maher

Matt Maher is a technical director with Netwoven who has been working with Fortune 500 companies implementing large scale enterprise systems for the last 15 years. Matt is an early member of the Netwoven team and has helped grow Netwoven from its infancy to the current stages. Matt is passionate about blending productivity and security to enable modern workplaces. His leadership and expertise have helped companies build secure, highly effective solutions and applications. Matt holds a BS in Computer and Informational Sciences from the University of Massachusetts.

