Microsoft has released new baseline Conditional Access policies — predefined rule sets that protect organizations against common digital attacks — that stand to significantly increase the security of any organization using Office 365 for Nonprofits.
The functionality provided by these polices previously required additional licensing, at additional cost, but the growing risk of identity-based attacks has led Microsoft to make basic versions of these protections available for free to promote good IT security hygiene.
These new policies equip Office 365 accounts with Multi-Factor Authentication (MFA) which is a stronger form of account verification designed to protect users by making it much harder for stolen passwords to be used to break into their accounts. MFA requires users to supply two types of authentication information to log in, generally some combination of something a person knows (e.g., a password), something a person has (e.g., a phone or laptop), and/or something a person is (e.g., in a physical location).
MFA often takes the form of a prompt or code that is sent to a user’s phone after they enter their username and password into an MFA-protected site. The protected site will not let the login process complete until the user enters a code or pushes a button to confirm that they have access to their phone.
These new policies are turned off by default. It is recommended that you turn on the End User Protection policy as soon as possible, and preferably the Require MFA for Admins policy as well. Note that turning on either policy will result in all of the users covered by that policy being immediately prompted to configure their MFA preferences. This is a one-time process that will require users to have the phone that they want to use for MFA authentication handy.
You can also learn more about these policies by reading Microsoft’s newly-updated documentation.
Jordan McCarthy is with the nonprofit Tech Impact. His email is firstname.lastname@example.org.
As we celebrate our 36th year, NPT remains dedicated to supplying breaking news, in-depth reporting, and special issue coverage to help nonprofit executives run their organizations more effectively.