Microsoft Entra: 5 Identity Priorities for 2023 | Superhub

Joy Chik, President, Identity & Network Access

Welcome to 2023.

After the pandemic upended how we work, learn, play, and manage our lives, we find ourselves more connected than ever, with more convenient access to an ever-wider range of online tools and experiences. But as our global digital footprint continues to grow, so does the risk of cyberthreats. And now, economic uncertainty is challenging the very resources organizations need to defend against escalating attacks.

As the first line of defense, identity has become the new battleground. This is evident from the huge volume of attacks that we intercept at Microsoft.1 For example, we see 1,287 password attacks every second, or more than 111 million a day. This past year, password breach replay attacks grew to 5.8 billion per month, while phishing attacks rose to 31 million per month and password spray attacks soared to five million per month.

Figure 1: Growth in password-related attacks between 2018 and 2022.

Clearly, bad actors aren’t standing still. So, neither can we.

As organizations look for opportunities to do more with less, they’re no doubt considering how security teams can contribute. With that in mind, I’d like to share five identity priorities for 2023 that will pay off in ways you can actually measure:

  1. Protect against identity compromise using a “Defense in Depth” approach.
  2. Modernize identity security to do more with less.
  3. Protect access holistically by configuring identity and network access solutions to work together.
  4. Simplify and automate identity governance.
  5. Verify remote users in a cheaper, faster, more trustworthy way.

By adopting the latest identity innovations, you can better protect both your digital estate and your budget.

1. Protect against identity compromise using a “Defense in Depth” approach

While credential attacks are still devastatingly effective, cybercriminals are also escalating in ways that are much harder to detect; for example, bypassing basic multifactor authentication and manipulating users into giving up their credentials or second factors. They’re also infiltrating organizations through their suppliers, scouring GitHub repositories for credentials embedded in code, and stealing tokens. The most sophisticated and well-funded attackers are even attempting to take over the infrastructure that issues tokens.

Protecting user accounts is critical but no longer enough. You now must protect every layer of your identity ecosystem, including non-human or workload identities, plus the infrastructure that provides, stores, and manages all your identities. Your best bet is a Defense in Depth approach that requires close collaboration between your security operations center (SOC) and identity teams:

  1. Security posture management: Monitoring your organization’s identity systems and identifying misconfigurations, vulnerabilities, and missing or bad policies and controls.
  2. Real-time protection and remediation with identity: Enforcing Conditional Access policies based on risk aggregated from multiple sources on any suspicious activity related to user accounts in the directory.
  3. Identity threat detection and investigation: Examining signals from all corners of your digital estate to reveal anomalous patterns too subtle for any individual tool or team to detect.

To assist your Defense in Depth approach, Microsoft provides unified, customizable experiences across Microsoft Entra, Microsoft Defender for Identity, and Microsoft Sentinel.

The first step you can take—and your best return on investment—is to turn on multifactor authentication, a feature included with every subscription to Microsoft Azure Active Directory (Azure AD), part of Microsoft Entra.2 In our experience, of all accounts compromised in a single month, more than 99.9 percent didn’t use multifactor authentication. Employing phishing-resistant multifactor authentication methods such as Windows Hello, FIDO2 security keys and passkeys, and certificate-based authentication (CBA) will further reduce your risk. We also recommend blocking legacy authentication, because less secure protocols like POP and IMAP can’t enforce multifactor authentication.3
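An added example, not part of the original post and not Microsoft's own tooling: before blocking legacy authentication, a pass over exported sign-in records shows which accounts still rely on protocols that cannot enforce multifactor authentication. The records are constructed, the field names follow the Microsoft Graph signIn resource, and treating every client app other than browser and mobile/desktop clients as legacy is an assumption of this example.

```python
from collections import defaultdict

# Constructed sample sign-in records (not real data). Field names follow the
# Microsoft Graph signIn resource; status.errorCode 0 means the sign-in succeeded.
SAMPLE_SIGNINS = [
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
    {"userPrincipalName": "Alice@example.com", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
    {"userPrincipalName": "bob@example.com", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@example.com", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
    {"userPrincipalName": "dave@example.com", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 0}},
    {"userPrincipalName": "erin@example.com", "status": {"errorCode": 0}},  # client app missing
]

# Assumption: only these client app values represent modern authentication,
# which can carry a multifactor challenge. Compared case-insensitively.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}


def legacy_auth_report(signins):
    """Return (per-user summary of legacy sign-ins, count of unclassifiable records)."""
    per_user = defaultdict(lambda: {"protocols": set(), "success": 0, "failure": 0})
    unclassified = 0
    for rec in signins:
        client = rec.get("clientAppUsed")
        if not client:
            # Missing data is counted, never silently treated as modern auth.
            unclassified += 1
            continue
        if client.lower() in MODERN_CLIENTS:
            continue
        entry = per_user[rec["userPrincipalName"].lower()]
        entry["protocols"].add(client)
        succeeded = rec.get("status", {}).get("errorCode") == 0
        entry["success" if succeeded else "failure"] += 1
    summary = {
        user: {**entry, "protocols": sorted(entry["protocols"])}
        for user, entry in per_user.items()
    }
    return summary, unclassified


def would_break(summary):
    """Users with successful legacy sign-ins: a block policy interrupts them,
    and today those sessions are authenticated without a second factor."""
    return sorted(u for u, e in summary.items() if e["success"] > 0)


def failures_only(summary):
    """Users seeing only failed legacy attempts: nothing breaks when the
    protocol is blocked, and the failures are worth a password-attack review."""
    return sorted(u for u, e in summary.items()
                  if e["success"] == 0 and e["failure"] > 0)


if __name__ == "__main__":
    summary, unclassified = legacy_auth_report(SAMPLE_SIGNINS)
    for user, entry in sorted(summary.items()):
        print(f"{user}: {', '.join(entry['protocols'])} "
              f"(ok={entry['success']}, failed={entry['failure']})")
    print("migrate before blocking:", would_break(summary))
    print("failed attempts only:", failures_only(summary))
    print("records without a client app value:", unclassified)
```

Run it against a real export by replacing `SAMPLE_SIGNINS` with the parsed records; the users returned by `would_break` are the ones to move to modern clients before the block takes effect.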

Where to start: Learn more about Azure AD and Microsoft Defender.

 

2. Modernize identity security to do more with less

It may be tempting to stick with legacy technologies when they’re tested, familiar, and do an okay job for now, like an old car that manages to get you to and from work even with the engine warning light flashing. You may be understandably worried about business disruption and the cost of transitioning from old to new, but “patchwork quilts” of inflexible and poorly integrated technologies are expensive to maintain and leave gaps in your defenses. And since cybercriminals continue to innovate their tactics, your risk will only increase.

Modern, cloud-native identity solutions such as Microsoft Entra are more resilient, more scalable, and more secure against modern threats. They’re also better equipped to accommodate the rapid changes to products, services, and business processes necessary to compete in today’s unpredictable business environment. You can significantly increase business agility, better fortify your environment against future threats, and save money by taking advantage of the advanced, integrated features available in Microsoft Entra.

Modernization is less daunting if you break it down into well-defined, time-bound projects with clear benefits. Start by migrating off of Active Directory Federation Services (AD FS) to simplify your environment and retire those on-premises servers (if CBA has been a blocker for you, it’s now available in Microsoft Entra).4 Next, connect pre-integrated applications to Azure AD to gain advantages such as single sign-on.5 Finally, inventory your security environment, consolidate any redundant tools to reduce your management burden, and apply your subscription savings to other priorities.

Where to start: If you’re using AD FS, explore the benefits of modernizing identity and access capabilities.

 

3. Protect access holistically by configuring identity and network access solutions to work together

As any sports fan knows, highly skilled defenders are far more effective when they communicate and work together. You can strengthen your overall security posture by integrating tools that currently operate in silos. For example, many organizations employ network access solutions that recognize device- and network-related risks and prevent bad actors from crossing the network to compromise on-premises and legacy web-based applications. But many of these tools lack in-depth identity awareness, which can weaken your secure access posture.

Applying a Zero Trust approach means explicitly verifying every access request using every available signal. You can get the most detailed picture of session risk by combining everything the network access solution knows about the network and device with everything the identity solution knows about the user session.

If your network access vendor is part of the Microsoft Secure Hybrid Access program, you can integrate their solution with Azure AD.6 This way, the on-premises applications and custom or legacy web-based apps you’re protecting with your network access solution also gain many of the same benefits that pre-integrated apps enjoy.7

Where to start: Learn how to integrate your network access solution with Azure AD.

 

4. Simplify and automate identity governance

Security awareness and mitigation efforts often focus on protecting your organization from external threats, such as hackers employing stolen or easily guessed credentials. But threats can be internal, too. For example, users tend to accumulate access to apps and resources they no longer need. Similarly, organizations sometimes forget to remove access granted to external collaborators when projects or contracts end. Organizations even discover still-active accounts of former employees that retain access to critical resources.

This is where identity governance comes in. Because governance helps to reduce internal risk—whether from simple neglect or actual malfeasance—it’s critical for organizations of every size, geography, and industry. Microsoft Entra Identity Governance is a complete identity governance solution that helps you comply with regulatory requirements while increasing employee productivity through real-time, self-service, and workflow-based entitlements. It extends capabilities already available in Azure AD by adding Lifecycle Workflows, separation of duties, and cloud provisioning to on-premises apps. Because it’s cloud-delivered, Microsoft Entra Identity Governance scales to complex cloud and hybrid environments, unlike traditional on-premises identity governance point solutions.

If you already have an identity governance solution in place, you’ll save money, reduce complexity, and close security gaps by consolidating multiple point solutions and adopting a solution that grows with you.

Where to start: Learn more about the Microsoft Entra Identity Governance Preview and try it for free today.

 

5. Verify remote users in a cheaper, faster, more trustworthy way

Identity verification for customers and employees is a significant expense for many organizations. When people apply for school admissions, loans, and jobs, a lot of time goes into the manual collection and verification of documents to prove age, citizenship, income, skills, professional experience, and more. If you collect and store such information in a centralized database, then you’re responsible for everything it takes to fully secure and protect it. This not only creates risk for you, but it also creates risk for your employees or customers—they naturally want control over who accesses their personal information and how it gets used.

Verifiable credentials introduce the concept of a per-claim trust authority. The trust authority populates a credential with a claim about you that you can store digitally. For example, a loan officer can confirm your current employment by requesting digital credentials issued by your employer and verifying them in real time. Our standards-based implementation, Microsoft Entra Verified ID, helps organizations reduce the burden of identity verification and simplify processes such as new employee onboarding. Since we launched it in August 2022, customers worldwide have already started using it to streamline verification processes.

Verified ID is currently available to all Azure AD customers at no additional charge. You can use APIs to create custom apps with simple and privacy-respecting identity verification built in.8

Where to start: Learn more about Verified ID.

 

Microsoft can help you secure more with less

As you kick off the new year, the strategies outlined in this blog can help you navigate tough decisions on where to focus your energies and how to empower your organization to do more with less. Our recommendations come from serving thousands of customers, collaborating with the industry, and protecting the digital economy from ever-evolving threats. We look forward to continuing our partnership with you—from day-to-day interactions to joint deployment planning to direct feedback that informs our strategy. As always, we remain committed to building the products and tools you need to defend your organization throughout 2023 and beyond.

Ref: Microsoft

1. Your Pa$$word doesn’t matter, Alex Weinert. July 9, 2019.

2. How it works: Azure AD Multi-Factor Authentication, Microsoft. August 25, 2022.

3. New tools to block legacy authentication in your organization, Alex Weinert. March 12, 2020.

4. Overview of Azure AD certificate-based authentication, Microsoft. October 18, 2022.

5. What is single sign-on in Azure Active Directory? Microsoft. December 7, 2022.

6. Secure hybrid access through Azure AD partner integrations, Microsoft. July 8, 2022.

7. Benefits of migrating app authentication to Azure AD, Microsoft. December 15, 2022.

8. Request Service REST API, Microsoft. September 4, 2022.
