How Microsoft Solutions Can Help Identify Your Leaked Credentials
Hackers are dedicated to getting into and compromising your systems. They can use sophisticated coding techniques to get around or break through your security defenses. Unfortunately, many times that type of extensive effort isn’t necessary because organizations make it easy for hackers to steal credentials by failing to have adequate defenses in place.
In total, according to Microsoft, tens of millions of credentials are exposed every month and are added to growing lists on the dark web. These stolen user IDs and passwords are extremely valuable to cyber thieves since three of every four users re-use credentials across multiple sites and continue to use the same credentials for years.2
Chances are many of your users’ credentials are included in these publically posted lists. They represent a ticking time bomb that can shatter the security of your system at any time. Up to now, it’s been difficult to find out which users’ identities and passwords have been compromised. But new functionality from Microsoft now enables you to detect these leaked credentials and take rapid corrective action to defend yourself.
Microsoft’s Azure Active Directory (Azure AD Premium Plan 2) is an identity and access management cloud solution that provides directory services, identity governance, and application access management. A new feature of Azure AD scours the dark web to discover account credentials that have been posted publicly. Azure AD Premium customers now have access to a report that details this information so they know which credentials have been leaked so they can better protect their systems and data.
This new feature is just the latest in a long line of other security capabilities of Azure AD Premium Plan 2. The solution helps to secure your application portfolio with one identity that provides single sign-on for all apps. You can further control access with this functionality based on device state, user, location, application, and risk.
Azure AD also offers multi-factor authentication (MFA) capabilities providing more protection by requiring users to have a security token or biometric verification in addition to their passwords to gain access to your system. The solution also provides additional oversight of user privileges and just-in-time administrative access.
Cybercriminals are working hard to overcome your security systems and gain access to your data. The increased security protection for your credentials is included as part of the Microsoft EMS E3/E5 bundle license.
Contact Interlink Cloud Advisors to learn more about this valuable defense that can help find and stop leaked information from compromising the security of your systems.
1 63% of Data Breaches Involve Weak, Default or Stolen Passwords, by Neil Ford, IT Governance, May 4, 2016.
2 Azure Active Directory Premium reporting now detects leaked credentials, by David Howell, Microsoft Cloudblogs, June 15, 2015.
About the author
Matt Scherocman brings more than 25 years of experience in the information technology industry to Interlink Cloud Advisors. His experience includes both the system integrator and manufacturer sides of the business. During his time at the Microsoft Corporation, he was responsible for all the Large Account Reseller (LAR) relationships in the four state Heartland Area of Michigan, Ohio, Kentucky, and Tennessee. Prior to Microsoft, Scherocman led a Cincinnati based IT consulting company to grow 5000% and become a Microsoft Worldwide Partner of the Year. He is actively involved in the strategic vision and operation decisions of the company including finance, selling strategy and marketing. Matt holds a Bachelor of Science in Business degree from Miami University and is a Certified Expert in Microsoft licensing including speaking engagements at both Microsoft's Worldwide Partner Conference and Channel Partner Summit. He is a frequent contributor to leading industry publications.
Welcome to the Interlink Cloud Blog
All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.