News

Dear partner,

In this news update, we’ll talk about securing our own and customer environments. Over the last couple of years, Microsoft has implemented many measures to protect Microsoft 365 (formerly Office 365) and Azure environments from being compromised. The huge investment in security for both the cloud services and other Microsoft products has resulted in a very good track record. However, we are all aware that in many cases, the human factor (aka our employees) is the weakest link. Many of the of random attacks we hear about come back to the leaking of passwords via phishing links/sites. When we consider security measures, we take into account that we can’t guarantee human behavior. That means we must assume that  passwords will be compromised as a rule. Luckily, there is a solid solution to maintain security despite this: multi-factor authentication (MFA). By requiring another ‘factor’ such as a mobile phone with an authenticator app, we can make sure that a leaked password on its own is not enough to compromise your organization.

As a Microsoft Partner, you likely have access to many customer environments. Therefore, security is probably one of the biggest risks your company faces. Microsoft took a major step forward by enforcing MFA for all administrative accounts with partner center roles, helping to increase our security and raise awareness of need for security measures.

In the last months, we have seen many attacks on these accounts, both via ransomware but also because of break-ins within Azure environments. In one example of the latter scenario, the hacker gained administrative access to a CSP Azure subscription and installed crypto-mining software within a large-scale infrastructure. With the execution of one script, they deployed an infrastructure over many regions in the world with a cost exceeding 10 thousand euros per day!