29 May Securing Microsoft 365 using WatchGuard AuthPoint 2FA

Posted at 11:42h in Cyber Security by

Businesses all over the UK have been no stranger to increased cybercrime, in fact, it rose by a third during the pandemic whilst users have been working from home. These crimes include things like staff receiving phishing emails from cybercriminals pretending to be the CEO/MD asking staff to order £100 Amazon gift cards and to send them the code so they can give them out as employee rewards.

Watchguard predicted in 2021, Cyber Criminals would find new ways to attack individuals and their devices both at home and at work. As employees continue to operate in a hybrid of at home and in the office, it’s important to protect when they’re outside of the protection of the office firewall.

In this blog we want to explain what Watchguard AuthPoint Multi-Factor Authentication (MFA) is, and how it secures Microsoft 365 and protects your users whilst they stay connected in the workplace or at home.

What is AuthPoint?

AuthPoint is WatchGuard’s multi-factor authentication (MFA) service. With AuthPoint, you can require users to authenticate with the AuthPoint mobile app or a third-party hardware token when they login to a protected resource, such as a computer, VPN, or a cloud service or application.

AuthPoint uses the latest MFA methods to protect your trusted resources from unauthorized access. You can choose different authentication methods for specific user groups and applications:

  • Push Notification: When you log in, AuthPoint sends a push notification to your mobile device that you approve to authenticate and log in or deny to prevent an access attempt that was not made by you.
  • QR Code: When you log in, you scan a QR code with the AuthPoint mobile app and use the verification code you receive to authenticate (AuthPoint uses secure QR codes that can only be decrypted by the AuthPoint mobile app).
  • One-Time Passcode: An OTP is a unique, temporary password available in the AuthPoint app that you use to authenticate.

Where can I use AuthPoint?

AuthPoint can be used to protect access to a range of your resources, including your WatchGuard SSL VPN as well as a range of Cloud Hosted Services – like Microsoft 365, Dropbox, SalesForce and more.

AuthPoint and Microsoft 365

With the ever-changing industry that is IT, keeping your company secure is more vital than ever. One part of that is keeping access to your company resources, like Microsoft 365 emails and documents, secure and protected.

AuthPoint allows you to protect multiple solutions at once, including Microsoft 365, by removing the old fashioned 6-digit code text to your phone and introducing a single solution protecting all your resources under one roof.

The AuthPoint app allows your users to authenticate right from their own phone! No need to carry key fobs or thumb drives; instead, install and activate the AuthPoint app in seconds, and then use it to authenticate from a smartphone.

When logging into Microsoft 365, users will be prompted for their normal username and password, which then subsequently will prompt them to authenticate themselves using the simple and easy to use AuthPoint app.

AuthPoint comes with policies as well, allowing you to restrict access to Microsoft 365 based on different factors. Allowing you to have complete control over how your resources are accessed:

  • Where? Using AuthPoint, you can restrict access to Microsoft 365 for example for users who are only either in your office or on your VPN connection.
  • When? You can also restrict the time period that your users can access Microsoft 365, restricting certain groups of staff to only working hours.
  • Who? If you only have certain users who you want to be able to access a resource, like an HR portal, you can specify groups of users who are allowed access.

 

Why Multi-Factor Authentication (MFA)?

Passwords can be stolen by cybercriminals, potentially giving them access to your online accounts. However, accounts that have been set up to use 2FA will require an extra check, so even if a criminal knows your password, they won’t be able to access your accounts.

Multi-factor authentication (MFA) extends beyond the traditional methods of two-factor authentication (F2A) and consists of a three-pronged approach, asking users to provide: something that they know, on something that they have in order to positively identify a specific person. You should always consider using multi-factor authentication for all important accounts and internet-facing systems.