Enable risk-based multi-factor authentication challenges.Enforce registration for multi-factor authentication.Educate your users to not re-use their organization passwords for non-work related purposes.Ban common passwords, to keep the most vulnerable passwords out of your system.Don't require mandatory periodic password resets for user accounts.Don't require character composition requirements.Maintain an 8-character minimum length requirement (longer isn't necessarily better).This Microsoft 19 pages whitepaper is great at explaining the new rationale behind the 7 top recommendations.Ĭurrent recommendations for Office 365 administrators are directly coming from this research and can be recalled here: Microsoft and other great actors of this industry have evolved their recommendations in the past years. How to use OneDrive to sync a password file.So the very first step to raising end-users practices in cybersecurity should be targeted on encouraging correct passwords management. It is a well known fact that a vast majority of cyber attacks (81% according Aabha Thipsay Sr Porgram Manager at Microsoft in BRK3106 see below) to imply password compromising or identity theft at some point. So this is the target of this series of posts to explore some practical effort you can propose and promote inside your organization to better handle nowadays threats. Despite many great security tools, features and options, if your end-users do not understand or implement correct security practices, all effort securing the environment can be reduced to nothing. This is exactly the case with Microsoft 365. Successful cybersecurity practices depend on creating a culture of security awareness.īelfer Center for Science and International Affairs, Harvard Kennedy School Cybersecurity Campaign Playbook The best technological solutions in the world will have no effect if they are not implemented properly, or if they are not continuously updated as technology evolves. Cybersecurity is fundamentally a human problem, not a technical one.
0 kommentar(er)
