Kinetics KARE Foundation Security Notice

Apr 21, 2025 | News

KARE Security Update Change Notice

In response to increased cyber-activity, Kinetics is planning to roll out two changes across all KARE Foundation subscribers. These changes only impact subscribers on KARE Foundation or KARE Security Plus plans.

1. Multifactor Authentication (MFA)  

Most subscribers are already using these settings, but a few have opted for a reduced level of MFA security. We are now increasing the setting for all clients unless we are specifically asked not to. In the week commencing May 12th, we will be turning on ‘geo-locking’ and ‘number matching’ for ALL Multi-Factor Authentication (MFA) use, subject to your version of 365 supporting these options. We expect it will take us just over a week to roll this change out across all subscribers.

Both have been available as options, and many of our clients have already opted to turn them on. It is our intent to now make this our default setting. For what it is worth, we understand that Microsoft might be about to do the same.

There will be no cost for this change, but it will limit users to accessing their systems only from New Zealand and Australia. Any users travelling overseas beyond Australia will need to contact us to have their access relaxed for their destination and the period of their travel, and this will incur a small charge. If your organisation does a lot of overseas travel, we can set up a self-service function for you on request.

If you have staff based permanently overseas, we will adjust their geo-lock for the country in which they work. We have a number of clients with staff based in North America, Europe or Asia and understand the need to look out for them.

If you do not wish it to be turned on for you, please let us know.

We appreciate that MFA can be an inconvenience. Nonetheless, it has become one of the most effective tools to protect you from cyber-crime.

However, MFA is not infallible. Please remain on your guard and report anything that seems suspicious.

Geo-locking can be overcome by VPNs, and hackers can steal your MFA token with ‘man-in-the-middle’ attacks. In these attacks, they set up a fake 365 login page and try to trick you into entering your details, including your MFA code. KARE Foundation includes an AI-powered browser scanner that works to detect these fakes. Nonetheless, security is all about layers of protection, and you are one of those layers!

Finally, a note from a recent customer experience. If you experience many MFA prompts in a short time, and you know you aren’t trying to access your system, please don’t hit ‘accept’. Instead, contact us for help. Remember that you can put your phone on ‘silent’ or flight mode, albeit that makes it harder for us to call you back.

2. Restricting Enterprise Applications in 365

To ensure the safety of your Microsoft tenant, Kinetics are planning to adjust the application permission settings in line with best practice. This means that either Kinetics, onsite IT or designated staff will be required to approve the application. This only needs to be done once per application. The approval prompt will look similar to the image below.

If there is no designated staff member or IT staff on site, please raise an IT service request after requesting app approval.

 

Why are we making this change?

Microsoft have recommended the change because of the increasingly challenging security environment. These ‘enterprise applications’ can act on behalf of users and can have the same access as the users. They are also able to bypass multifactor authentication. This means that if you consent to an ‘enterprise application’, it could read all your data as well as send out mail as if it came from you. It is scary to realise you could inadvertently give this access in just one click.

Existing Applications

Please note that this will have no impact on any applications that have already been added. It will only impact NEW requests.