Prior to Microsoft’s Ignite conference, I was able to talk with the company’s CISO, Bret Arsenault, about some key things we should all be doing to keep Windows networks secure. He talks about four pillars of security: passwordless identity management, patch management, device control and security benchmarks.
1. Passwordless identity management
Arsenault’s recommendations start with using multi-factor authentication (MFA) and moving to passwordless identity management. According to the 2020 Verizon Data Breach Investigations Report, stolen credentials are behind 80% of cyberattacks. That is a key reason why Microsoft emphasizes getting rid of traditional passwords and focuses on passwordless techniques.