Are your Microsoft solutions’ doors wide open & exposed to security threats?
In the latest episode of Tecman Talks Dynamics, Liam, Liz, Matt and special guest Mark discuss how you can keep your Microsoft solutions safe. Mark is our Operations Manager and oversees our customers' (and our) security; he is an expert in the Microsoft security protocols and knows all the ins and outs.
Recently Microsoft have upped their game and introduced brand new security protocols for all of their solutions; not just Microsoft Dynamics 365 Business Central, CRM and the Power Platform but also Teams, Microsoft 365 (aka Office) and much more. Not only will these new security methods keep your solutions safe, they will also limit who has access to them.
GDAP, otherwise known as Granular Delegated Admin Privileges, is a new security protocol which limits who has access to your solutions. Many users have multiple partners who manage their various Microsoft solutions. Previously, these partners had access to everything, even if they didn’t manage that part of your solution. For example, your Modern Workplace Partner (Microsoft Teams, Microsoft 365, aka Word, Excel, Outlook etc., Azure, SharePoint, Power Platform) would also have access to your Microsoft Dynamics 365 solution (Business Central, CRM) and would be able to make changes, even though they aren’t the manager of that solution. This could cause major issues if they make any changes without understanding the solution, potentially triggering a ‘too many cooks’ situation. With GDAP, the partner requests access to what they need and the customer grants admittance, so you must make sure that you have access to a Global Admin Account.
2FA (2 Factor Authorisation) and OAuth (Open Authorisation) are used to grant users or software (such as e-commerce websites etc.) authorisation and limited access to protected resources. In the case of 2FA, it can be granted using the Authenticator app, a text message, a phone call etc. This ensures that, again, only the people who require access to your solution have access.
As discussed in the podcast, both of these types of authorisation can be a little problematic when it comes to leaving your phone in a taxi on a Saturday night. What are you going to do on Monday morning?! Or when the one person who has access to a certain area of the system is on holiday, uncontactable, off sick etc. But the pros outweigh the cons, as this practice prevents cybercriminals from stealing, destroying, or accessing your internal data records for their own use. It’s easy to unregister devices should this need to be done in the case of a lost phone, and Global Admins will be able to grant access should it be required.
New users who have signed up to their solutions since the new protocols came into play will automatically be enrolled to use the new methods of security. Legacy users, if they haven’t already acted, will need to speak to their partners to see what their plans are for these important changes.
We all know how important security is. Liz compares poor cyber security to ‘walking out your warehouse and leaving the doors wide open’ – you wouldn’t do this, so why would you leave your digital defences open to the world? This is a super crucial podcast episode so listen today to get informed.