Here are your 2020 predictions for Active Directory security and Office 365

Here’s our take on the big news and the big projects you’ll face as an Active Directory or Office 365 professional this coming year!

I’ve been in this business over 16 years, my colleagues who helped contribute to these prophesies have way more experience and certifications than that, and Quest itself has moved, managed and secured over 336 million AD users over the last 25 years. So, we know a little something about what Active Directory and Office 365 professionals are facing.

It also helps that I had some very in-depth 1:1 conversations with the industry’s most respected Microsoft MVPs and experts at The Experts Conference (TEC), a hybrid AD and Office 365 professionals’ training and networking event sponsored by Quest; so I’ve made some inferences based on those conversations as well.

Let’s get predicting.

1. MORE companies will follow new NIST guidelines & MITRE security matrix

More companies in 2020 will adopt new NIST guidelines and the MITRE security matrix. Neither of these guidelines are required, but they sure provide best practices around 2FA, passphrases and Zero Trust as well as insight into the likely avenues of attack and how to defend against them. For example, Zero Trust, the idea that no one human being or service account should have the ability to do something on their own, would have a limiting impact on privilege escalation (i.e., creating an approval workflow for making changes to objects in the directory). Check out more ways to protect your Active Directory in Randy Franklin Smith’s TEC keynote.

2. Azure AD and Hybrid AD security shortfalls will give rise to new attacks

A growing trend for organizations both from a security perspective and end-user experience is to connect more clients directly to Azure AD, making the cloud-identity service more authoritative. This would help prevent mimikatz lateral traversal of objects and give users a faster on-ramp with their new laptop. However, best practices, tools and IT expertise are not keeping pace with the rate of adoption, creating new security blind spots. Endpoints leveraging Azure AD are more exposed to direct assault, making them prime targets for password spraying as Sean Metcalf mentioned in The Experts Conference keynote address. Once you have that Azure AD password, attackers can find ways to move off the cloud and into your on-premises Active Directory or restore a deleted user from the Azure recycle bin to regain role access. In 2020 more organizations will start to deploy multifactor authentication (MFA) and threat detection.

3. Vulnerable apps for Microsoft Teams will expose sensitive corporate data

The meteoric rise of Microsoft Teams and the apps users freely download into it will create more access vulnerabilities for your network. Just like vulnerable apps on our phone can expose our contact list, texts, emails, camera and microphone access, so too can vulnerable or malicious apps in your Teams environment. Microsoft does provide app permission policies, but you have to know to restrict the apps that are all accessible by default, then you have to know which ones you want to block and which ones you want to authorize. But most Teams administrators don’t know or have the time to manage this, so anyone in your org can download a vulnerable app into Teams – you know that place where tons of sensitive data is accessible? We go into great detail about how you can secure Microsoft Teams in this post.

4. Looky here! That ransomware attack is hiding something more sinister

They say the cover-up is worse than the crime. When a ransomware attack destroys your network, it’s hard to say which is worse because you may not have known you were breached beforehand – and that’s the point according to Microsoft Certified Master Sean Metcalf in this TEC Talk video on AD breaches. In 2020, we’ll see ransomware moving from being just a blunt instrument for quick cash to a surgical tool as part of a bigger cyber-attack strategy to hide the trail of a breach. Not only that, but we’ll see this malware learn lessons from its past to become even more annihilating, like deleting on-premise objects in AD that sync with its cloud cousin before encrypting the entire directory. A scenario like this would have wiped out Norsk Hydro’s Azure AD instance, preventing communication during their cyberattack via Exchange Online. Organizations will begin to audit the endpoints more and shift their thinking that ransomware is a replicating virus out in the wild but is instead the result of a timed payload to obfuscate a breach.

Reduce your AD attack surface

Reduce your AD attack surface.

See where you’re exposed and how to remediate it.

5. You’re going to get a new job as your org takes Office 365 management more seriously

Enterprises will finally rethink how they organize their Office 365 admin team to keep pace with its rapid changes and interdependent security model. They can no longer get by with using their legacy model (e.g., Exchange admin for Exchange Online, SharePoint admin for SharePoint online) because neither one is very good at managing the overall environment, as Microsoft MVP Tony Redmond outlines in this TEC talk video. You have to have admin rights to manage Office 365, which underpins Exchange Online, SharePoint Online, Teams, etc. We’ll see these organizations start to form Office 365 admin teams run by a program manager to connect the dots between EXO and SPO admins in weekly war room style meetings to manage the deluge of O365 changes.

6. Teams denial will end for SMBs

Microsoft Teams is truly a tool for the modern worker, and any one of those workers, even the intern, can create a group and a Team, invite outside contributors, and dump tons and tons of data, even the sensitive kind, into it. After all, Teams is on by default in any Office 365 environment. The horse has already left the barn before anyone understands the predicament they are in. Our enterprise customers have already begun to feel this pain, but we see too many of our SMB customers living in denial. That will end this coming year as they get their heads around Teams and all the nobs and controls to govern it. Check out this TEC Talk video on how to build governance around your growing Teams environment or our post on Microsoft Teams security: A primer on how to secure Microsoft Teams.

7. Just when you thought Microsoft licensing was confusing enough, it’ll get worse

Microsoft announced in late October the ability for end-users to buy licenses for the Office 365 PowerBI products (PowerBI, PowerApps, and Flow) without administrator approval or knowledge. As an Office 365 admin, this feature is turned on by default and that means users will be buying unbudgeted and uncontrolled licenses. This is all part of Microsoft empowering the end user and streamlining the process and stickiness for getting these tools in their hands. So far, the reaction we’ve heard from admins is one collective head bang on the wall. In 2020, we’ll see more organizations seek tools that give them insight into Office 365 usage patterns that shows trends in utilization and estimated licensing costs and losses.

Since security is such a big part of these 2020 predictions, I will leave you with this video of longtime Microsoft MVP and Active Directory expert, Randy Franklin Smith, speaking about how to protect your AD in his keynote at The Experts Conference.

Protecting your AD with Randy Franklin Smith

Join Randy Franklin Smith, Microsoft MVP, as he explains the one command that can shut down attacks on your AD.

Watch the Video

About the Author

Jennifer LuPiba

Jennifer LuPiba is the Chair of the Quest Software Customer Advisory Board, engaging with and capturing the voice of the customer in such areas as cybersecurity, disaster recovery, management and the impact of mergers and acquisitions on Microsoft 365, Azure Active Directory and on-premises Active Directory. She also writes thought leadership articles and blogs aimed at the c-suite to evangelize the importance of these areas to their overall business. She chairs The Experts Conference, a yearly event focused on pure Active Directory and Office 365 training at the 300 and 400 level for the boots-on-the-ground Microsoft admins and managers.

Related Articles