Engage Users in Essential Security Practices to Deliver Secure Access for Microsoft O365
Microsoft O365 is the No. 1 target for phishing emails, a recent report suggests. Attackers use phishing emails to capture login credentials or drop malware that targets vulnerabilities in out-of-date devices. Organizations use a variety of security tools and technologies in an attempt to stay one step ahead of attackers, but attackers can bypass those tools by directly targeting users.
From a user standpoint, security is mostly invisible - and it should be. On any given day, users have limited exposure to it in their workflow. For example, users may use a password to log in to an application or a VPN to access corporate applications, but for many users that’s where security consciousness begins and ends.
While security tools do well to hide their operational complexities, they also give users a false sense of security, which leads users to lower their guard. Attackers tend to take advantage of this dynamic to compromise user credentials and/or user devices. A more balanced approach is to provide users visibility into security risks and guide them to remediate those risks without additional friction.
At Duo, we designed our tools with user visibility at the core. When users log in, we educate, guide and inform them about the potential security risks associated with their devices before they can access their applications. For example, when users log in to O365 with an out-of-date browser, they are immediately notified that the device needs to be updated. With this approach, Duo proactively encourages users to remediate risks associated with devices and prevents attackers from using malware to compromise out-of-date and risky devices.
Furthermore, admins have the flexibility to choose when they inform users to update their devices and can provide them a grace period to perform the updates. Admins can set policies based on out-of-date operating systems, browsers and plugins, and based on security hygiene such as encryption, biometrics, etc. of any device used for login.
If users do not update their devices during the grace period, they are blocked from access until they take a remediation action to update their devices.
Even when devices aren’t used for login, Duo provides an easy way for users to review the security posture of devices to determine if they’re using passcode locks, encryption, biometrics and more. Users can track improvements with a security score.
Duo gives admins the power to make users active participants in security. Engaging users and encouraging them to follow security best practices creates a culture of security consciousness within organizations, which can ultimately lower risk exposure and improve security hygiene.
Learn more about protecting your Microsoft applications with our new ebook, An Essential Guide to Zero Trust for Microsoft Applications.