Image Credit: Getty Images

>>Don’t miss our special issue: How Data Privacy Is Transforming Marketing.<<

Phishing emails are one of the most effective tools cybercriminals have at their disposal. According to the ITRC, 537 out of 1,613 publicly disclosed breaches in 2021 involved phishing, smishing or BEC. 

In an attempt to address the threat of phishing, Microsoft today announced the release of three new phishing-resistant solutions designed to help organizations prevent phishing attacks in Azure, Office 365, and remote desktop environments. 

More specifically, the introduction of certificate-based authentication (CBA), conditional access authentication, and Azure virtual desktop adding support for FIDO authenticators provide additional multifactor authentication (MFA) controls to protect privileged users from credential theft and phishing attacks. 

For enterprises, the release highlights that the passwordless authentication ecosystem is growing rapidly, and has the potential to decrease reliance on login credentials which are easy to hack and steal.  

Addressing phishing with passwordless authentication 

The announcement comes shortly after the U.S. government highlighted the importance of implementing phishing-resistant MFA as part of Executive Order 14028 and OMB Memo M-22-09. 

It also comes as the number of phishing scams continues to increase, with Zscaler reporting that phishing attacks rose 29% globally to a record high of 873.9 million attacks. 

“Providing new identity solutions to protect our customers is paramount in the fight to stop phishing,” said Sue Bohn VP of product management for Microsoft’s Identity and Network Access (IDNA) group. “We’re excited to launch these new features that support key steps customers can take in their Zero Trust journey, and Yubico has been with us fighting against these phishing attacks every step of the way.”

A look at Microsoft’s new phishing-resistant features 

Microsoft’s new CBA feature will enable organizations with smart card and public-key infrastructure (PKI) deployments to authenticate Azure AD without a federated server. 

In addition, conditional access enables enterprises to implement specific user authentication policies, including YuBiKeys for phishing-resistant MFA or FIDO-based passwordless or certificate-based authentication, making it much harder for cybercriminals to target privileged Azure users. 

Azure Virtual Desktops (AVD) new support for FIDO authenticators means users can connect to personal workstations in the cloud with FIDO-based passwordless authentication. 

Across the board, these protections will make it much more difficult for threat actors to access protected resources via credential theft and phishing attempts.