Today, we’re announcing the expansion of Microsoft’s enterprise-grade identity and access management protections to all AccountGuard members in 31 democracies at no additional cost. The addition of new features to AccountGuard provides new ways to protect online accounts for political parties, candidates and their staff, health care workers, human rights defenders, journalists and certain other customers who are at greatest risk from nation-state hackers.
Last year, we announced availability of these identity and access management features to political campaigns and parties ahead of the 2020 U.S. presidential election. These identity protection offerings help ensure only authorized people can log on to an organization’s systems and make it more difficult for hackers to impersonate legitimate staff. Our pilot showed that organizations taking advantage of these tools saw an 18% improvement in their Microsoft Identity Protection Security Score. Security Score is an automated assessment of an organization’s ability to withstand security threats. Based on this successful feedback, we are extending this offering to all eligible AccountGuard customers including human rights organizations, newsrooms and health care organizations in the 31 democracies where AccountGuard is available.
Five of those democracies – the Netherlands, Finland, Germany, Estonia and the Czech Republic – have upcoming national elections. Improving the security of political actors – particularly in an election year – is a critical step to help prevent “hack-and-leak” operations where cybercriminals or foreign governments steal a campaign official’s emails and release them online, which in turn can help fuel disinformation campaigns. These challenges pose an even greater concern in an environment where much of the campaign coordination and even the campaigning itself is taking place online in light of the COVID-19 pandemic.
Last week, we also announced the general availability (GA) of passwordless authentication solutions for Azure Active Directory (Azure AD), to reduce the risk from phishing and password attacks and give users an easy and convenient way to sign in and access their accounts without the dependency of passwords.
We’re also expanding our partnership with Yubico to provide as many as 25,000 phishing-resistant hardware security keys to AccountGuard customers. YubiKeys are our preferred hardware security keys for high-risk and high-profile AccountGuard customers due to the product’s advanced levels of security, usability and unique multi-protocol support that allows it to work across an entire enterprise. As of today, all existing and new Microsoft AccountGuard customers will have access to a limited number of free YubiKeys*, depending on the organization size, to be used on compatible computers and mobile devices.
There are also a range of identity and access management protections we’ll offer as part of this, which we believe will benefit all organizations. They include:
Multi-factor authentication (MFA): While all Microsoft business and consumer email services support multi-factor authentication, what we’re announcing today contains extra protection against phishing for those using YubiKey hardware MFA. Customers can also use the Authenticator app on their phones as another factor for identity protection.
Single sign-on: This feature enables one set of credentials to be used securely across hundreds of cloud apps, making it easier for a staffer or campaign official to access the apps they need with a high level of security but also more quickly and easily.
Conditional access policies: This is the ability for a campaign to help ensure only the right people are logging into their network by setting conditions such as the behavior people can use to navigate to their accounts, where they are physically located, what kinds of devices they might be using and what applications they might be accessing.
Privileged identity management (PIM): This includes security features enabling campaigns to manage, control and monitor access to important resources in the organization. PIM will provide time-based and approval-based authorization to access certain resources and lessen the risk of excessive, unnecessary and misused access permissions to sensitive resources.
Access governance: Campaigns have vendors, staffers and volunteers who come and go, and this set of features helps automatically terminate access when they depart an organization or complete a project, shrinking the number of entry points for a hacker.
In order to provide dedicated support to AccountGuard customers and to ensure they can easily onboard these new features, a team of deployment engineers will be available to help provide remote assistance and guidance. In addition, Microsoft Elite Security Partner Patriot Consulting Technology Group will offer additional onboarding support, integration and trainings free of charge. Patriot Consulting has helped dozens of AccountGuard customers harden their Office 365 environment through both virtual training sessions and one-on-one consultations. They bring a deep understanding of the AccountGuard program and offer resources tailored to the unique security needs of our members.
Democratic processes and institutions are the cornerstone of any democracy globally. Helping to secure them has been and will remain a core commitment of Microsoft’s Defending Democracy Program and we are grateful to all our partners, like Yubico, for stepping up alongside us.
*Shipping locations limited to the US, Canada and EMEA.