Microsoft Firms Up Cloud Portfolio With 'Extra' Security

by CXOtoday News Desk    Feb 13, 2014

Office 365

Microsoft is looking to avoid the high-profile security breaches that have plagued other cloud services. As a result it has extended multifactor authentication to the Office 365 user accounts of the web-based productivity suites that mostly contain sensitive corporate information. According to analysts, the move is part of the company’s effort to strengthen its cloud services portfolio. 

According to some in the industry, it may be just a coincidence the new user authentication for Office 365 comes only a few weeks after Microsoft plugged a security vulnerability in Office 365. But nevertheless security has always been high on the Microsoft agenda and one can assume that the software giant is firming up its Cloud Portfolio with extra security muscles.

Multifactor authentication

In a recent blog post, Microsoft’s Paul Andrew, Technical Product Manager for Office 365 writes: Until now, the two-factor authentication with Office 365 was only available to administrators. With this extra layer of security baked into Office 365, every type of organization have the option of securely logging in to their 365 account by punching in a security code sent via text message, verifying via phone, or by responding to an app notification, on top of logging in with their standard username and password.

Andrew explains that multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. This addition of multi-factor authentication is part of our ongoing effort to enhance security for Office 365 that offers many robust built-in security features for all customers and also optional controls that enable subscribers to customize their security preferences.

The buzz about the multifactor authentication was there since a while. In June 2013, Microsoft announced that it will introduce a multifactor authentication, based on technology from its PhoneFactor acquisition, to Windows Azure Active Directory services. This would enable users to securely access their accounts with additional credentials provided by an app or Short Message Service text.

Microsoft officially launched this new feature in September 2013. Scott Guthrie, who succeeded Satya Nadella and is now the new cloud chief at Microsoft, said in a statement that organizations could finally leverage multifactor authentication to provide an extra layer of security for “Windows Azure, Office 365, Dynamics CRM and any third-party cloud service that supports Windows Azure Active Directory, as well as custom applications.

Read: Meet Microsoft’s New Cloud Head: Scott Guthrie

The lessons learnt

In recent years, online service providers have been plagued by security breaches causing enterprises to rethink on their cloud investments. Cloud storage company,  Dropbox, introduced a two-step authentication in 2012 after a breach that made user data susceptible to snoops. After Twitter’s major accounts had been hacked last year, it followed suit. Experts believe the recent Yahoo Mail breach is also an eye-opener for companies as they prefer multifactor authentication options on their platforms.

Microsoft is also looking to extend multifactor authentication to Office 365 client apps. As users are currently having a workaround by configuring App Passwords to secure their desktop apps, Andrew states that Office 365 customers will be able to use multifactor authentication directly from Office 2013 client applications.

The software giant is also planning to introduce two-factor authentication to Outlook, Word, Excel and other apps later this year.