What’s next for Microsoft 365
It’s been over a decade since we first learned about the Microsoft 365 brand – and it’s now one of the most widely used subscription service lines in the world. Last year marked the 10th anniversary, and if we look back since its debut, the service has only expanded in scope and capabilities, especially when it comes to the security and compliance center.
The rapid rise of Microsoft 365 is hardly a surprise, given the hybrid world we find ourselves in today. However, as the number of M365 users continues to grow at a rapid rate, the security risks for users and administrators will only increase. To break it down, between January and December 2021 alone, Microsoft Azure Active Directory blocked more than 25.6 billion malicious attempts to hijack corporate customer accounts by brute-forcing stolen passwords.
The numbers are staggering, and what it shows is that our digital identity is only becoming more at risk, with malicious hackers looking to take advantage and steal credentials. So that begs the question, how can we be safer? Based on a recent Microsoft Reportthe most common methods used by threat actors included email phishing and other malicious messaging activity targeting Microsoft users – with more than 35.7 billion attempts blocked last year.
As the number of users continues to grow, this rapid adoption poses new challenges, the hacks are likely only beginning to up their game, and there is also a risk of service interruptions and security breaches, as the More sensitive credentials need to be protected – which makes Microsoft an attractive target for bad actors. Essentially, this is to say that security threats are on the rise and there will inevitably be more difficulties at all levels when it comes to keeping users safe. However, it’s not all bleak, Microsoft will and has continued to evolve its security and there are critical steps users can take as well.
First, being knowledgeable and implementing up-to-date security practices and tools from start to finish around infrastructure, application, and user security can make such a big difference. Microsoft 365 data can easily be vulnerable to user error, accidental deletion, corruption, and malware.
One thing is clear: cybercriminals are becoming more and more sophisticated and are using new techniques capable of circumventing even the most resistant security systems. Based on the latest version from Microsoft Digital Defense Report, threats from nation states are becoming more frequent and difficult to detect, resulting in more individuals being targeted specifically for access to their relationships and personal information. These attacks can cause significant financial and human damage; therefore, it is crucial to educate your employees to avoid being targeted in the first place. Meanwhile, applying Zero Trust principles is also becoming essential to protecting your hybrid workforce today, regardless of user location or threat size.
This isn’t new to Microsoft, as there are already an abundance of layers in place to defend against phishing, ransomware, malware, and other advanced threats. However, due to the increase in serious breaches over the past few years, including Colonial Pipeline, JBS Foods, and even Microsoft Exchange, we should see increasing investments in machine learning capabilities to improve end-to-end security. The benefits of these new investments will go far beyond security: they will inevitably help IT teams protect against known and unknown issues before they hit the end user. For example, all cloud migration protection features will help move IT workloads with little or no disruption to end users.
Microsoft has a lot to think about when it comes to security, but those learnings really extend to most companies. Any organization can be vulnerable to a supply chain attack, even when its own defenses are strong, as attackers explore new ways to infiltrate organizations by targeting their suppliers. This is not a small number of cases. In order to compromise the targeted customers, the attackers focused on vendor code in about 66 percent reported incidents. Recent attacks, such as SolarWinds and Kaseya, highlight that we are only as secure as our weakest link in the supply chain at all levels. Overall, the supply chain is a critical security function and it is important for companies to ensure that each supplier/company follows security best practices.
As challenges continue to evolve with digital acceleration, it’s hard to know what the next decade will hold for M365, but based on ever-changing business needs and shifting customer demands, we should expect to have :
- Accelerated productivity. Just as Microsoft Teams ushered in a new standard for app integration across multiple M365 workloads (e.g., SharePoint, Exchange, OneDrive), we will see continued app integration across the M365 ecosystem, this which will increase the productivity of end users.
- Automating. M365 capabilities and applications such as Power Automate will continue to evolve as the amount of data grows faster than ever. As a result, the ability to automate and customize M365 applications to streamline business processes will accelerate.
- Custom apps. Due to very specific customer needs, the app development experience in M365, driven by Microsoft Teams and SharePoint Online, will continue to get easier and more powerful. Therefore, we will see more customizable applications developed by companies and citizen developers that solve specific business problems.
As security concerns continue to grow over the next decade, Microsoft will need to diligently manage its own supply chain of external dependencies used to build and deliver M365 cloud services. However, businesses can make their use of M365 more efficient by knowing what they have access to through careful inventory management and maintenance. If the next 10 years are anything like the previous 10, we can expect exciting momentum as capabilities are expanded to meet specific customer needs.
Pete Caldecourt is Director of Product Management, Quest.