“Nobody expects the Spanish Inquisition! Our chief weapon is surprise, fear and surprise…”
Leave it to a 1970 Monty Python sketch to perfectly sum up 2020! No one expected a global health pandemic and its impact on every aspect of our lives. But there are some 2020 predictions with regards to Active Directory, Azure Active Directory and Office 365 we made that did come true – though not for the reasons any of us had thought. Let’s take a look.
Predictions #5: You’re going to get a new job as your organization takes Office 365 management more seriously and #6: Teams denial will end for SMBs.
We can thank the shutdowns for delivering #5 and #6 to us – literally overnight. Looking at Microsoft’s Q4 FY20 numbers, Microsoft 365 (formerly Office 365 – I didn’t predict the name change) had 19% revenue growth! Back in April, they announced 75 million daily active Teams users. We’re all taking Microsoft 365 and Teams more seriously now. As we’ve settled into WFH and leveraging O365 and Teams, the pain of trying to manage this new environment using legacy management models (e.g., Exchange admin is the Exchange Online admin, etc.) is likely causing strain. So, if your organization hasn’t re-orged IT to support Office 365 yet, they will soon. And if you still have data on-prem that’s driving VPN overload, consider migrating the rest of that content to Office 365.
Prediction #7: Just when you thought Microsoft licensing was confusing enough, it’ll get worse.
We can thank the pandemic for fulfilling this one too. At the start of the shutdowns, Microsoft offered 6 months of free Office 365 E1 licenses and all those have been coming due the last few months. A sudden ramp up of licenses, switching to E5 licenses to run Teams Live Events or users purchasing their own PowerBI licenses is compounding this problem.
Prediction #2: Azure AD and Hybrid AD security shortfalls will give rise to new attacks.
I’m not sure I can take credit for this one. While yes, we saw more attacks on Azure AD and O365 environments, which could lead down into your on-prem AD, a lot of these attacks were phishing based. The shortfall wasn’t necessarily Azure AD, but, alas, we the end users. In late September, Microsoft announced that it removed 18 Azure AD apps used by nation state-sponsored hacker groups who used the apps to automatically configure victim’s endpoints with the right permissions to exfiltrate data. However, this attack only worked first because of phishing. So send out those phishing reminders to your end users, folks! And then catch up on the top three logs to spot and stop workstation attacks for your remote workforce.
Looking ahead to 2021
2021 can’t get here fast enough for most of us! Nothing particularly magical happens at the stroke of midnight: the pandemic doesn’t disappear, cybercriminals don’t stop attacking our networks, and users and data in that M&A IT integration project don’t just appear in the target environment. But a new year is full of hope and promise, and there’s really only one way to go from 2020. So stay tuned for my 2021 predictions!