top of page

5 ways to secure identity and access for 2024


The security landscape is evolving rapidly. In 2023, we saw record numbers, with 30 billion password attack attempts per month, a 35% increase in demand for cybersecurity experts, and a 23% annual rise in cases handled by Microsoft’s Security Response Center and Security Operations Center teams. This surge is partly driven by the rise of generative AI and large language models, which bring both opportunities and challenges for security professionals, particularly in securing access effectively.


Generative AI enables individuals and organizations to enhance productivity and accelerate workflows, but these tools also introduce internal and external risks. Cybercriminals are leveraging AI to launch, scale, and automate sophisticated attacks without writing a single line of code. Additionally, the increasing demand for machine learning has led to a proliferation of workload identities across corporate multicloud environments, complicating the task for identity and access professionals to secure, manage, and monitor both human and machine identities.


To address these challenges, adopting a comprehensive defense-in-depth strategy that covers identity, endpoint, and network security is essential for 2024 and beyond. To effectively secure identity and access within your organization, focus on these five key areas:


  • Empower your workforce with Microsoft Security Copilot.

  • Enforce least privilege access, including for AI applications.

  • Prepare for more sophisticated cyberattacks.

  • Unify access policies across identity, endpoint, and network security.

  • Manage identities and access across multicloud environments.


These recommendations are based on our experience serving thousands of customers, collaborating with industry leaders, and continuously protecting the digital economy from an ever-changing threat landscape.



Cybersecurity


Priority 1:

Empower your workforce with Microsoft Security Copilot


In 2024, generative AI will become an integral part of cybersecurity solutions, playing a key role in securing access. With human and machine identities multiplying rapidly, identity-based attacks are also increasing. Investigating identity risks through sign-in logs is not scalable, especially when facing over 4,000 identity attacks per second, compounded by cybersecurity talent shortages. Identity professionals need every advantage they can get, and Microsoft Security Copilot is designed to provide that edge, helping organizations navigate the noisy security landscape. With AI-driven automation, Copilot enhances the efficiency and intelligence of identity teams by operating at machine-speed.


According to the latest Work Trend Index, business leaders are already empowering employees with AI to boost productivity and handle repetitive, low-value tasks. Early adopters of Microsoft Security Copilot have reported a 44% increase in efficiency and an 86% improvement in work quality. By using natural language prompts, identity teams can cut down on time spent on routine tasks such as troubleshooting sign-ins and managing identity lifecycle workflows. Copilot also helps teams investigate users and sign-ins related to security incidents and take immediate corrective action, while enhancing overall team expertise.


To maximize AI investments, identity teams should develop consistent practices for using AI tools like Copilot. Once employees are familiar with these tools, building a prompt library specific to the company’s tasks, projects, and business processes will help streamline productivity and enable new team members to get up to speed quickly.


How to get started: Explore Microsoft Learn’s training on generative AI fundamentals and subscribe for updates on Microsoft Security Copilot to stay informed about new product innovations, AI tips, and upcoming events.



Priority 2:

Enforce least privilege access, including for AI applications


A common challenge organizations face is securing access to AI applications, whether in corporate (sanctioned) or third-party (unsanctioned) environments. Insider risks such as data leakage or contamination can lead to compromised large language models, confidential data being shared in unmonitored apps, or rogue user accounts being created and easily exploited. The risks are particularly severe in sanctioned AI apps, where improperly permissioned users can inadvertently access and manipulate sensitive company data.


To mitigate these risks, organizations must apply the same identity and access governance rules to AI applications as they do to other corporate resources. This can be achieved with an identity governance solution, which allows for the implementation of precise access policies across all users and resources, including generative AI apps. By doing so, you ensure that only authorized users have the appropriate level of access. Automating the access lifecycle at scale can be accomplished with controls like identity verification, entitlement management, lifecycle workflows, access requests, reviews, and expirations.


To enforce least privilege access, ensure that all sanctioned services, including AI applications, are managed by your identity and access solution. Tools like Microsoft Entra ID Governance can help define or update access policies, controlling who has access to company resources, under what conditions, and for how long. Automating these policies using lifecycle workflows ensures that users maintain the correct access levels as their roles change. For external users such as customers, vendors, or contractors, Microsoft Entra External ID can extend governance rules to manage their access. Additionally, high-risk actions can be secured with real-time identity verification using Microsoft Entra Verified ID. Microsoft Security Copilot also comes equipped with governance policies specifically designed for generative AI apps to prevent misuse.


How to get started: Read the guide on securely governing AI and other critical business applications. Ensure your governance strategy adheres to least privilege access principles.



Cybersecurity


Priority 3:

Prepare for More Sophisticated Attacks


The intensity, speed, and scale of known attacks like password spraying are on the rise, while new attack techniques are emerging rapidly, posing serious risks to unprepared teams. Although multifactor authentication (MFA) adds a layer of security, cybercriminals continue to find ways to bypass it. More sophisticated attacks, such as token theft, cookie replay, and AI-driven phishing campaigns, are becoming increasingly common. Identity teams must adapt to a new landscape where malicious actors can automate entire threat campaigns without needing to write any code.


To safeguard against today’s persistent identity threats, we recommend adopting a multi-layered approach. Start by implementing phishing-resistant multifactor authentication methods that rely on cryptography or biometrics, such as Windows Hello, FIDO2 security keys, certificate-based authentication, and passkeys (both roaming and device-bound). These methods can help mitigate over 99% of identity attacks, including advanced phishing and social engineering schemes.


For more sophisticated threats like token theft and cookie replay, utilize a machine learning-powered identity protection tool along with a Secure Web Gateway (SWG) to identify various risk signals that indicate unusual user behavior. Implement continuous access evaluation (CAE) with token protection features to respond to these risk signals in real-time, allowing you to block, challenge, limit, revoke, or permit user access as necessary. Additionally, educate employees about common social engineering tactics to combat emerging threats like one-time password (OTP) bots that exploit multifactor authentication fatigue. Using the Microsoft Authenticator app can help suppress sign-in prompts when such fatigue attacks are detected. For high-assurance scenarios, consider utilizing verifiable credentials—digital identity claims from authoritative sources—to quickly validate an individual’s credentials and grant least privilege access with confidence.


Customize your policies in the Microsoft Entra admin center to require strong, phishing-resistant authentication for all scenarios, including stepped-up authentication with Microsoft Entra Verified ID. Ensure the implementation of an identity protection tool like Microsoft Entra ID Protection, which now includes token protection capabilities to detect and flag risky user signals that your risk-based CAE engine can actively respond to. Lastly, secure all internet traffic, including all Software as a Service (SaaS) applications, using Microsoft Entra Internet Access, an identity-centric SWG designed to protect users from malicious internet traffic and unsafe content.


How to Get Started: To kick off your defense-in-depth strategy, we have developed default access policies that simplify the implementation of security best practices, such as requiring multifactor authentication for all users. Check out our guides on enforcing phishing-resistant multifactor authentication and planning your conditional access deployment. Finally, familiarize yourself with our token protection, continuous access evaluation, and multifactor authentication fatigue suppression features.



Priority 4:

Unify Access Policies Across Identity, Endpoint, and Network Security


In many organizations, identity, endpoint, and network security functions operate in silos, with different teams utilizing various technologies to manage access. This fragmentation can lead to conditional access changes being implemented in multiple locations, increasing the likelihood of security gaps, redundancies, and inconsistent access policies. It is essential to integrate identity, endpoint, and network tools under a single policy engine, as no single category can adequately protect all access points on its own.


By adopting a Zero Trust security model that encompasses identity, endpoint, and network security, you can streamline the management and enforcement of granular access policies from a centralized location. This approach reduces operational complexity and helps eliminate gaps in policy coverage. Furthermore, by enforcing universal conditional access policies from a single point, your policy engine can assess a broader range of signals—including network, identity, endpoint, and application conditions—before granting access to any resource, all without requiring code changes.


Microsoft’s Security Service Edge (SSE) solution is designed with identity awareness and offers a unique innovation within the SSE category by integrating identity, endpoint, and network security access policies. This solution includes Microsoft Entra Internet Access, a Secure Web Gateway (SWG) that protects SaaS applications and internet traffic, as well as Microsoft Entra Private Access, a Zero Trust Network Access (ZTNA) solution that secures access to all applications and resources. Unifying your network and identity access policies makes it easier to manage your organization’s conditional access lifecycle and secure access.


How to Get Started: Explore these blogs to understand why the identity-aware designs of Microsoft Entra Internet Access and Microsoft Entra Private Access make them stand out in the SSE category. For insights on various use cases, scenarios, configuration prerequisites, and enabling secure access, visit the Microsoft Entra admin center.



Priority 5:

Control Identities and Access for Multicloud


As multicloud adoption continues to grow, achieving full visibility over which identities—both human and machine—have access to various resources across different cloud environments has become increasingly challenging. Additionally, the rise of AI-driven workloads has led to a significant increase in the number of machine identities, now outnumbering human identities by a ratio of 10 to 1. Many of these identities are provisioned with excessive permissions and minimal governance, with less than 5% of granted permissions actually being utilized. This indicates that the majority of machine identities do not adhere to least privilege access principles, making them attractive targets for attackers who are now focusing on workload identities as a new vulnerability vector. Organizations need a centralized control center to manage workload identities and permissions across all their cloud platforms.


Securing access to your multicloud infrastructure for all identity types begins with selecting a methodology that aligns with your organization’s needs. The Zero Trust model offers a highly customizable framework applicable to both workload and human identities. Implementing this approach can be effectively achieved through a Cloud Infrastructure Entitlement Management (CIEM) platform, which provides valuable insights into granted permissions across your multicloud, how they are used, and facilitates the right-sizing of those permissions. To extend these controls to machine identities, a dedicated tool for workload identities is essential, employing strong credentials, conditional access policies, monitoring for anomalies and risk signals, conducting access reviews, and enforcing location restrictions.


To streamline and unify the management of your organization’s multicloud environment, begin by evaluating the health of your multicloud infrastructure with Microsoft Entra Permissions Management. This tool will help you discover, detect, right-size, and govern your organization’s multicloud identities. Next, utilize Microsoft Entra Workload ID to transition your workload identities to managed identities wherever possible, applying robust Zero Trust principles and conditional access controls.


How to Get Started: Initiate a free trial of Microsoft Entra Permissions Management to evaluate your organization’s multicloud environment and implement recommended actions to mitigate any access rights risks. Additionally, use Microsoft Entra Workload ID to assign conditional access policies to all your applications, services, and machine identities based on least privilege principles.



Cybersecurity


Microsoft's Commitment to Continued Partnership with You


Microsoft hopes that the strategies outlined in this blog will help you develop an actionable roadmap for securing access across your organization—ensuring that everyone has access to everything.


However, access security is not a one-way street; it is your ongoing feedback that enables Microsoft to deliver truly customer-centric solutions to the identity and access challenges we face in 2024 and beyond. Microsoft is grateful for the continued partnership and dialogue—from day-to-day interactions and joint deployment planning to the direct feedback that shapes our strategy. As always, Microsoft remains dedicated to developing the products and tools you need to protect your organization throughout 2024 and beyond.


To learn more about Microsoft Entra, or to revisit the identity discussions from Microsoft Ignite, please explore our resources.


For additional information on Microsoft Security solutions, visit our website. Don’t forget to bookmark the Security blog to stay updated with expert coverage on security issues. Also, follow Microsoft Security on LinkedIn and @MSFTSecurity on X for the latest news and updates on cybersecurity.


Learn more here.

4 views0 comments
bottom of page