The justification for multi-factor authentication has been beaten to death by everyone from technical consultancies and service providers right through to insurance brokers and the marketing material that circulates your inbox. Chances are that by now, it’s something you’ve got (if not, let us know and we’re happy to help).

What’s the next step beyond that? Identity management isn’t exactly high on the priority list for most small businesses. Sure, in large organisations with hundreds if not thousands of staff, there’s likely a team of people who are solely responsible for such topics. Yet, in small business it’s rarely even acknowledged – key decision makers spend their time elsewhere on managing and improving business function with some considering said endeavours as a cost with no meaningful outcome.

What does your business look like? Logos of many SaaS apps

Let’s shift our perspective for a moment. Can you actually remember all your different passwords? Maintaining login credentials for various applications is a nightmare! Think about it; a standard company login for email and file access, often also logging you into a device.

Then there’s a login for your CRM, a payroll & leave portal, perhaps another invoicing system and so on. Staff must compete with different username formats, unique password policies and more. All while trying to maintain a secure record of what those are – and let’s be honest, people aren’t always great at that.

The answer to these issues is a single set of login credentials. Unified login, single sign-on, one login; call it what you want but the result is the same: a single set of corporate credentials for a person, granting them access as required to company resources.

This isn’t something that is restricted to enterprise organisations – it’s available right now to Microsoft 365 Business customers with no limit on the number of applications or staff. Providing single sign-on may seem trivial however Forrester Research states the average password reset costs an organisation $70. Expand that across the multitude of applications and staff an organisation has, and the hidden cost adds up quickly. Moving to a single identity source is not just about simplifying the experience for your staff it’s also about minimising costs for the organisation overall.

Secure bank vault

But why stop there, why not do away with passwords entirely? Well you can and chances are, this is something you’ve already started on, whether you’re aware or not. Apple bought the concept to market in 2013 by launching TouchID, with Android and Windows gaining support in 2015 for their own solutions. However, when we look at most small business environments, passwords still rule the world when it comes to authentication.

iPhone Lock Screen

The good news is that Microsoft 365 Business makes it simple to pivot away from this behaviour. By leveraging Windows Hello for Business to control access to your Windows 10 devices and the Microsoft Authenticator for application access, in conjunction with single sign-on, you can truly simplify the experience for your staff. Again, the less time that staff spend managing their credentials and access to resources, the more time can be spent growing their skills and moving the organisation forward.

The title of this article mentions raising the bar and while yes, removing the burden of passwords does indeed do that, Microsoft have given business clients another tool in their arsenal when it comes to protecting staff accounts and that is conditional access. Historically with an on-premise deployment, where a staff member was logging in from wasn’t of huge concern. Their desktop was in the office alongside the servers for files and business applications. They might have been lucky enough to receive remote access via a VPN or remote desktop server. However, for the most part, the physical location: its office hours and who held the keys served as a form of conditional access: you could only login to an application during office hours while on site. Fast forward to the age of cloud and SaaS and those same files can be accessed while sitting in a café or an airport lounge – what now defines the boundaries around accessing that data? Is it just set of login credentials, hopefully protected by multi-factor authentication?

Security guard at the entrance of an old museum

Conditional Access for Microsoft 365 gives you control over what access your staff have to Microsoft 365 as well as those 3rd party services you use. Can they login from a personal computer – the same one that their young child downloads games to? Should they be able to login from Europe or the US despite their office being here in Australia? Are they allowed to have email on their phone, the same phone with no password that substitutes as a babysitter when they’re busy? Quite simply, Conditional Access brings back those controls that you took for granted and that vanished with the explosion in cloud computing. It serves as excellent risk mitigation, proving peace of mind, reduced exposure and in some situations, lower digital insurance costs.

Whether it’s implementing a single sign-on solution for your applications, enabling password less authentication for your devices or setting some boundaries for your staff, have a coffee with the team at MODEX today and learn how you can better leverage the platform of Microsoft 365 for business.

Written by

Chris Chambers

Chris Chambers

Systems Engineer - Modern Workplace

Contact us today to step up your security game