In recent months, we’ve worked closely with political campaigns and parties who are protected by our AccountGuard threat notification service and conducted hundreds of security trainings ahead of the 2020 elections. We’ve heard one repeated request throughout these engagements: Those involved in the democratic process want more protection for what we call identity management, or the ability for their staff to securely log into their accounts and access their email and files while preventing unwanted intrusions. Greater security in this area would help prevent the “hack-and-leak” scenario where cybercriminals or foreign governments steal a campaign official’s emails and release them online.
Starting today, we’re bringing Microsoft’s enterprise-grade identity and access management protections to AccountGuard members in the U.S. at no cost to further help secure them ahead of the 2020 elections. We’re also announcing a new partnership with Yubico to provide phishing-resistant security keys to AccountGuard customers. For political campaigns and committees, these services will be offered through Defending Digital Campaigns, a non-profit and non-partisan organization that has been authorized by the Federal Elections Commission to provide campaigns with free or low-cost technology from a variety of companies. Our Defending Democracy Program will also work directly with democracy-focused non-profit organizations and think tanks enrolled in AccountGuard to help them use these protections.
There are a range of identity and access management protections we’ll offer as part of this, but five examples, which we believe are protections that benefit all campaigns, include:
Multi-factor authentication: While all Microsoft business and consumer email services support multi-factor authentication, what we’re announcing today contains extra protection against phishing for those using this important feature. Customers can now use the Authenticator app on their phones or hardware keys from Yubico as another factor for identity protection.
Single sign-on: This feature enables one set of credentials to be used securely across hundreds of cloud apps, making it easier for a staffer or campaign official to access the apps they need with a high level of security but also more quickly and easily.
Conditional access policies: This is the ability for a campaign to help ensure only the right people are logging into their network by setting conditions such as the behavior people can use to navigate to their accounts, where they are physically located, what kinds of devices they might be using and what applications they might be using.
Privileged identity management (PIM): This includes security features enabling campaigns to manage, control and monitor access to important resources in the organization. PIM will provide time-based and approval-based authorization to access certain resources and lessen the risk of excessive, unnecessary and misused access permissions to sensitive resources.
Access governance: Campaigns have vendors, staffers and volunteers who come and go, and this set of features helps automatically terminate access when they depart an organization or complete a project, shrinking the number of entry points for a hacker.
Our new partnership with Yubico, the recognized industry leader in physical security keys, will provide YubiKeys to AccountGuard customers for defense against phishing and other cyberattacks. Yubico will provide 10 YubiKey 5 Series security keys, to be used on compatible computers or phones, to any AccountGuard-covered organizations for free, for a limited time, plus up to an additional 40 keys at a 50% discount.
We know that many political campaigns do not have dedicated IT support staff, and today’s news comes with hands-on help for those that need it. Deployment assistance for the technologies in today’s news will be provided to AccountGuard customers as an included benefit through our FastTrack program or through our FastTrack-ready partners. A dedicated team of deployment engineers will be available to help provide remote assistance and guidance, and Microsoft partner Patriot Consulting Technology Group will offer additional onboarding support, integration and trainings.
Any AccountGuard-eligible customer can learn more about enrolling in AccountGuard or taking advantage of the tools announced today by contacting AccountGuard@microsoft.com. While we’re offering this to U.S.-based AccountGuard customers ahead of the 2020 U.S. election, we will explore offering it in other geographies in the future.