Limit rising security threats with passwordless MFA from Transmit Security and Microsoft

Limit rising security threats with passwordless MFA from Transmit Security and Microsoft

This article is contributed. See the original author and article here.

In this guest blog post, Ravit Aviv, Technology Alliances Director at Transmit Security, discusses passwordless multifactor authentication and how Transmit Security works with Microsoft Azure Active Directory B2C.


 


We are all too familiar with the problems of passwords. New data from Microsoft provides a unique perspective on the state of cybersecurity based on 43 trillion signals from billions of logins every day. The 2022 Microsoft Digital Defense Report reveals:



  • The volume of password attacks has risen to roughly 921 attacks every second.

  • Password attacks increased 74 percent in the past year.

  • Roughly 20 percent of people reuse the same passwords for many websites and apps, making them easy targets for credential stuffing or password spraying.

  • Over 90 percent of accounts compromised by password attacks lack strong multifactor authentication (MFA), like SMS OTPs or FIDO2 authentication.


 


The report goes on to say, “We have seen a rise in targeted password spray attacks, with very large spikes in the volume of attacker traffic spread across thousands of IP addresses.” The attackers’ efforts to hide from standard defenses and remain untraceable highlight yet another problem. Threats are growing more sophisticated.


 


Why replace passwords and basic MFA?



MFA has become essential to fend off the growing volume of digital identity threats and prevent account takeover (ATO) fraud. But for many organizations, SMS one-time passcodes (OTPs), magic links, and authenticator apps add more friction than their customers will tolerate.


 


More importantly, these multi-step MFA methods are still vulnerable to smishing, man-in-the-middle, and other attacks, resulting in a clunky customer experience that is susceptible to compromise.


 


PSD2 compliance: Is your MFA strong and simple enough?



To comply with security regulations like PSD2’s strong customer authentication (SCA), most financial services use SMS OTPs or an authenticator app. But the added friction of having to download and use an app reduces the customer adoption rate, and OTPs can lead frustrated customers to call support or drop off entirely.



The combination of an OTP and a password technically meets the requirement for two factors, but this won’t prevent ATO fraud if the device is infected with spyware or the session is hijacked. To take over accounts at scale, hackers are now using OTP interception bots that make it easier than ever to snag passcodes in transit. Plus, some bad bots bypass OTP authentication altogether.


 


How passwordless MFA works differently



When you authenticate customers based on FIDO2, the most current set of passwordless standards by the FIDO Alliance, you know who is accessing the account. And, if done correctly, you completely eliminate shared secrets — not just passwords but OTPs and all data that could expose you to attacks.
With true passwordless authentication, customers simply use a fingerprint or facial biometric to achieve the strongest form of MFA in one simple user action. Logging in is faster, easier, and vastly more secure.



How is it multifactor? Only the real customer’s biometric (inherence factor) unlocks a private key (possession factor) stored on the user’s device.



What’s to prevent the biometric and private key from being compromised? By leveraging public key cryptography (PKI), the biometric and the private key remain secure, never leaving the user’s device. The private key signs the authentication challenge, and only the signed challenge, void of any identifying data, is sent over the web. On the receiving end, the matching public key is used to verify the challenge. It all happens in a few seconds, and you’ll know who the individual is with a high level of confidence.



Key differentiators to look for in a passwordless solution



  • MFA by design: Methods should include FIDO-based passwordless and passkeys.

  • With or without an app: Gain flexibility to optimize customer experience and security as needed.

  • Omnichannel experiences: Let users move across channels with a single identity.

  • Multi-device support: Enable users to log in from any of their devices.

  • Ease of deployment: Plug-and-play services optimize all scenarios and flows.

  • Continually updated for compliance: Stay in compliance with a service that’s continually updated to meet the latest requirements.



Icon 1.png



Integrate Transmit Security passwordless MFA with Azure AD B2C


 


You can now fortify Microsoft Azure Active Directory B2C with Transmit Security passwordless MFA (available in the Azure Marketplace), designed to authenticate customers based on their true identities.


 


With Transmit Security, customers only register one account with your business and then log in with a biometric on any channel, using any of their devices, without ever entering a password or storing credentials in the cloud. Our unique device-binding method makes it easy and secure for customers to transfer trust to any of their devices, binding them all to one unified identity.



This cloud-native service seamlessly integrates within your new or existing Azure implementation. Passwordless MFA works alongside all methods of authentication provided by Azure AD B2C and supports other implementations like FIDO passkeys, an extended version of FIDO credentials. This allows you to give customers login options that satisfy their preferences while enhancing your security posture. Over time, you’ll be able to transition all customers to passwordless.


 


In a press release announcing support for the FIDO standard, Alex Simons, Corporate Vice President, Identity Program Management at Microsoft, said, “The complete shift to a passwordless world will begin with consumers making it a natural part of their lives. Any viable solution must be safer, easier, and faster than the passwords and legacy multifactor authentication methods used today.”


 


“Microsoft is thrilled to have Transmit Security as a Solutions Partner for Security,” said Yvonne Muench, Senior Director - Marketplace & ISV Journey at Microsoft. “Transmit Security is committed to helping Microsoft customers leverage the benefits of passwordless authentication via Microsoft Azure Active Directory B2C. Having an experienced and trusted security partner like Transmit Security building on and augmenting native Azure capabilities really helps support and drive the vision of a passwordless future.”



Visit Microsoft Learn for a simple step-by-step guide on how to configure Transmit Security passwordless MFA with Azure AD B2C. You can customize or brand the UI and roll out hundreds of user flows out of the box. It’s easy to set up secure and smooth password-free experiences across all channels and devices.



Picture1.png



Secure the full identity lifecycle



By removing customer passwords, your greatest security risk is gone. But today’s more sophisticated ATO fraud can compromise customer accounts before, during, and after the login. By implementing passwordless MFA as well the Transmit Security Account Protection service, you’ll seal the cracks across the full identity lifecycle.



Real-time risk and trust assessments correlate hundreds of signals to detect signs of ATO fraud anywhere in the customer journey, from registration to account recovery and every step in between. Any time risk is detected, you can challenge the user with true passwordless MFA. Together with Azure AD B2C, you’ll gain a formidable defense against ATO fraud.



Explore what you can do with Azure AD B2C and Transmit Security.


 

CISA Releases One Industrial Control Systems Advisory

This article is contributed. See the original author and article here.

CISA released one Industrial Control Systems (ICS) advisory on January 31, 2023. This advisory provides timely information about current security issues, vulnerabilities, and exploits surrounding ICS.

CISA encourages users and administrators to review the newly released ICS advisory for technical details and mitigations:

New transactable offer from Airplane Solutions in Azure Marketplace

New transactable offer from Airplane Solutions in Azure Marketplace

This article is contributed. See the original author and article here.

Microsoft partners like Airplane Solutions deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about this offer below:


 









Airplane Solutions.png

Airplane PricingThis SaaS solution handles large volumes of transactions quickly and accurately while providing real-time fare quotes for airlines, trains, and shipping companies. With Air Pricing, you can reduce GDS cost and dependencies by 75 percent of the distribution cost for direct channels. You can also integrate this tool with other inventory systems such as Amadeus, Navitaire, or airline passenger service systems. 


Finance Reimagined: Microsoft uses low-code and automation to streamline processes

Finance Reimagined: Microsoft uses low-code and automation to streamline processes

This article is contributed. See the original author and article here.

Innovation is a fundamental element for businesses to remain competitive and achieve success. Innovation leads to increased efficiency and effectiveness and contributes to improved business performance. With the ongoing economic challenges and recession facing global economies, the importance of innovation is even greater. The finance team plays a vital role in this endeavor by incorporating innovation into its strategies and operations. CFOs must not only fulfill their responsibilities as the financial stewards of the business but also actively collaborate with other departments to foster innovation and prepare for potential disruptions. In this challenging environment, CFOs must accomplish more with limited resources; innovation is the key to achieving this goal.

This blog post will explore the advantages organizations can gain by implementing a Finance Center of Innovation to review internal operations and discover ways to improve efficiency. Additionally, we will highlight a practical example from our Microsoft, where implementing robust and flexible technology enabled swift closing of technical deficiencies and automation of previously labor-intensive manual tasks.

Finance Reimagined

Learn how low-code applications can help your finance team accomplish more with less.

a person standing in front of a computer

Address complexity, manual processes, and inflexible legacy systems

One of the biggest challenges facing finance teams today is the sheer amount of data being generated, which can be challenging to manage and use effectively. In many cases, legacy systems that were once sufficient are now unable to keep up with the times and are costly to replace. Furthermore, there needs to be more tools available to finance teams to anticipate the growing complexity of businesses. Manual and inefficient processes and errors continue to plague finance teams and cost valuable time and money. Additionally, with increasing risks and threats worldwide, the regulations and compliance requirements that finance must abide by are growing in complexity. To mitigate these challenges and ensure business success, implementing a Finance Center of Innovation can help identify opportunities to use digital technologies, enabling finance teams to stay focused on the future and remain agile.

Learn how Microsoft embraces resourcefulness to innovate

At Microsoft, we are proactively adapting to the dynamic landscape by implementing a resourceful approach throughout our business operations. By embracing this “do more with less” philosophy, we are able to accelerate innovation, empower our employees to accomplish more, and ultimately drive better results. To achieve this, Microsoft has established a “Center of Innovation” strategy to facilitate the collaboration of technical and non-technical finance professionals to optimize existing processes. This allows our finance teams to direct their attention towards high-impact activities that foster growth and increase profitability. By thoroughly evaluating internal operations, the team identifies opportunities for improvement and efficiency, then deploys low-code applications, such as Microsoft Power Platform, to rapidly automate processes and streamline operations.

How can a Finance Center of Innovation (FCI) benefit my organization?

A “Finance Center of Innovation” (FCI) is a specialized team or department within an organization focused on driving innovation and creating new solutions in finance. The FCI aims to improve financial performance by exploring innovative technologies, approaches, and business models. FCIs will range from a diverse group of financial experts, engineers, data scientists, and business leaders to a small, dedicated team of finance professionals with an aptitude for using technology and solving problems. The specific composition and approach of an FCI will depend on the organization’s needs and goals. There are many valid approaches to take when building an FCI team, both simple and complex. The benefits of an FCI are numerous, so CFOs should get started with whatever resources are available and add complexity over time.

Having an FCI can bring many benefits to finance teams, such as:

  • Enhanced financial planning and analysis: The FCI can use data and technology to provide better insights and support more informed decisions, leading to improved financial performance.
  • Streamlined financial processes: The FCI can identify opportunities to automate and optimize financial processes, reducing errors and increasing efficiency.
  • Improved risk management and financial reporting: With access to more advanced tools and analysis, the FCI can help organizations identify and mitigate risks and improve the accuracy and timeliness of financial reports.
  • Compliance: The FCI team can help the organization stay up to date with the latest regulations, reducing the risk of non-compliance.

Innovate through automation of routine finance tasks

Assembling a team of experts is a crucial first step toward driving innovation within your organization. However, the next step is equally importantidentifying opportunities for acceleration. Finance teams should work closely with their Center of Innovation to identify and prioritize areas where automation can be introduced to optimize routine tasks. Some common examples include data entry automation, accounts payable and accounts receivable, expense management, compliance, and audit functions. However, it is crucial to note that the implementation and specific tasks will vary depending on your company’s unique needs. By collaborating with your Center of Innovation and identifying critical opportunities for automation, you can streamline processes, reduce costs, and free up your employees to focus on more strategic initiatives that can drive growth and revenue for your organization.

Accelerate innovation and automation with low-code solutions

Once optimization priorities have been identified by your FCI, the next step is selecting the appropriate resources to solve the problem. This can be challenging, as many teams are held back by inflexible legacy systems and processes that can only be easily corrected with significant technical resources. However, with low-code automation tools, FCIs can make these improvements and innovations without replacing expensive legacy systems, effectively breathing new life into their solution ecosystem without an expensive rip-and-replace. Microsoft Power Platform offers a powerful solution for finance teams looking to solve complex business challenges within their legacy enterprise resource planning (ERP) quickly. Our low-code tools empower innovation, conquer business hurdles, and open new opportunities to do more with less. Whether you are a pro developer or not, our user-friendly tools allow anyone to create solutions, saving time and costs while reallocating resources to focus on what matters most.

Case example: Microsoft streamlines payment term exception requests and improves the compliance process with Microsoft Power Platform, saving thousands of hours

Microsoft identified an opportunity to streamline payment term exception requests and improve the compliance process. Historically, contract payment term exception requests were received through multiple email inboxes, often needing more information for quick and accurate evaluation. The process owner was required to research and develop a compliant response. Still, finance controllers could not track the requests, measure impact, and analyze cash flow implications, leading to a lack of accountability and consistency in understanding payment policies. To improve this, the team used Microsoft Power Platform to automate the payment terms exceptions workflow for intake, dispositioning, decisioning, and reporting. Then, a Power Apps and Power Automate flow was developed to standardize request intake, automate alerts, and establish accountability. Finally, a Power BI dashboard was created to give executives visibility into change requests and cash flow impact. Within six months from the start of the project, the team had a more than 14 percent improvement in payment compliance while saving 5,000 hours (about seven months) per year of manual processing time, which reduced the average service time from 8 to 10 days to approximately 3 days.

Help finance stay strong for the future

At Microsoft, we understand the various challenges that finance teams and CFOs face in today’s business landscape. To address our challenges, we have implemented a finance-first innovation approach that utilizes our low-code platforms to enable the rapid creation of solutions to handle almost any business challenge. Our low-code apps are compatible with any ERP, including Microsoft’s own Dynamics 365 Finance,making it easy to get started. With easy-to-use technologies and helpful best practices, you can help your organization to optimize its resources and free up time for more value-adding activities, demonstrating the power of doing more with less. By embracing this approach, you can transform many manual and time-intensive activities into streamlined and efficient financial operations, keeping your organization agile and prepared for the future.

Learn more at Finance Reimagined

Discover the power of innovation and automation at Finance Reimagined on February 28, 2023. Join us for a session specifically designed for CFOs to learn how low-code applications can help your finance team accomplish more with less. Register now to take the first step towards revolutionizing your financial process.

The post Finance Reimagined: Microsoft uses low-code and automation to streamline processes appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.