The widespread shift to remote work early last year catalyzed what our CEO Satya Nadella described as “two years’ worth of digital transformation in two months.”  

Now, a new wave of change is expected as organizations globally shift to a hybrid workplace. 

While this blistering pace of tech-fueled evolution generates exciting new opportunities for the entire Microsoft partner ecosystem, it also uncovers new challenges for our customers to navigate, and one of the primary concerns for any organization is cybersecurity. The massive shifts in how and where we work have bred new types of threats from cyber bad actors, and the broader adoption of the hybrid workplace is expected to result in additional vulnerabilities. 

Microsoft processes more than 8 trillion signals every 24 hours, and repelled a record-breaking 30 billion email threats last year. Despite these efforts, the world has entered what Microsoft CVP Vasu Jakkal referred to as “a realm of next-level attacks.” All of us must perpetually evolve our security processes to keep up with the sophisticated attacks of cyber criminals and nation state hackers, and our customers are relying on partners more than ever to help them make the right moves to keep their organizations’ data safe. 

We’re committed to ensuring partners have the resources, tools, and guidance needed to help customers evolve their security practices. Here are specific areas of focus that help partners tackle security, compliance, and identity issues for customers.  

Adopting multifactor authentication 

Passwords are ineffective and expensive to manage, while other forms of authentication offer a safer and more user-friendly experience. Requiring more than one form of authentication, or multifactor authentication (MFA), is also more effective at verifying identity and boosting security as a result. According to Microsoft CISO Bret Arsenault, “Using MFA is the single most effective security practice that companies are not employing.” He has spearheaded a campaign to eliminate passwords entirely at Microsoft, and over 90 percent of our workforce currently uses alternate authentication methods. 

By helping customers adopt multifactor authentication, partners can help them dramatically reduce their organizations’ risk. Surprisingly, only 18% of our customers have MFA turned on. Considering any customer with a commercial service subscription (such as Azure or Microsoft 365) can turn on MFA at no additional cost, it is a no-brainer to utilize this powerful defense tool. As Microsoft CVP Ann Johnson recently shared, “Using MFA blocks 99.9 percent of the account hacks your organization and customers face, on average.” And in a world where entire networks of vendors and other third-party companies share information, closing one organization’s vulnerabilities can help increase security. 

Migrating to the cloud 

Organizations should continue to evaluate migrating to the cloud to boost security. Maintaining and defending on-premises data centers can be costly and time consuming. Turning to the cloud outsources much of that work, allowing your IT staff to prioritize their time to focus on high-value issues. According to Ann Johnson, “With more enterprises relying on cloud technology, developing a comprehensive cyber resilience strategy as part of a holistic approach to operational resilience makes preparing for a wide range of contingencies less complicated.” 

We bake security into all of our products and solutions. Migrating to Microsoft Azure allows companies to benefit from the protections offered by Microsoft Azure Sentinel, Microsoft Azure Active Directory, Microsoft Azure Purview, and more. To review the latest Azure-related security updates, you can read my blog about the security announcements we made during Microsoft Ignite 2021 in March. 

Upskilling your workforce 

The cybersecurity industry is facing a shortage of workers, which further complicates keeping up with the constant onslaught of cyberattacks. By building the security skillsets within your organization, you can better position your company to both protect itself and offer valuable services and guidance to customers.

We strive to ensure that partners have the skilling and training resources needed to keep your team prepared to handle increasingly complex cyber threats. Use our enablement guide to find online courses and resources. We are excited to announce that we have released four new certifications for security, compliance, and identity, including: 

• The Microsoft Security, Compliance, and Identity  Fundamentals Certification can help individuals showcase fundamental knowledge of security, compliance, and identity across cloud-based and related Microsoft services. You can prepare for this new certification by learning the concepts and capabilities of Microsoft’s security, compliance, and identity and access management solutions. 

• The Information Protection Administrator Certification can help individuals showcase knowledge of core data concepts and how they’re implemented using Azure data services. 

• The Identity and Access Administrator Certification can help individuals showcase knowledge of core identity governance principles, as well as ensuring a proper identity lifecycle.  

• The Security Operations Analyst Certification can help individuals showcase knowledge of threat mitigation using Microsoft security, compliance, and identity solutions, as well as performing proactive threat hunting activities. 

In the coming weeks, we are releasing a new Hybrid Cloud Security advanced specialization. This will help bring a unique level of differentiation for partner organizations, in addition to the current security-related advanced specializations for Identity and Access Management, Information Protection and Governance, and Threat Protection. 

Digital transformation will continue to reshape entire industries, and as it does, new vulnerabilities will be exposed. While no organization is exempt from cyber risk, by using the right mix of resources, insights, and tools partners can help our customers forge defenses that can reduce the likelihood and impact of a breach. As we continue to work together, I am confident that we can rise to the challenge of protecting our collective data, both now and in the future.