Monday 10th January 2022
Delegated Administrative Privileges in the Cloud Solutions Provider (CSP) Program
Delegated Admin Privileges (DAP) are required by Bytes to perform specific tasks related to purchasing and provisioning software and to provide technical support to its customers within the Cloud Solutions Provider (CSP) program. DAP is granted to Bytes when the customer to partner relationship is created. This document outlines the extend of our permissions and the security and access controls we have implemented to ensure customer data is secure.
Microsoft Online Services
Arm’s Length Systems
CSP Security best practices
Bytes have implemented all of the Microsoft CSP Security best practices with the exception of Microsoft Passwordless authentication. Bytes have deployed physical secure tokens which Bytes felt offered improved security over Microsoft Passwordless authentication option.
Customer Monitoring and Auditing
We encourage our customers to review and audit Azure AD sign-ins and configuration changes: Authentications of this nature are audited and available to customers through the Azure AD sign in logs, Azure AD audit logs, and the Microsoft 365 compliance center (formerly in the Exchange Admin Center). Microsoft recently added the capability to see sign-ins by partners who have delegated admin permissions. Customers can see a filtered view of these sign-ins by navigating to the sign-in logs in the Azure AD admin portal, and adding a filter ‘Cross-tenant access type: Service provider’ on the ‘User-sign ins (non-interactive)’ tab.
Nobelium targeted attacks
The Microsoft Threat Intelligence Center (MSTIC) recently detected nation-state activity attempting to gain access to customer data and information of multiple cloud service providers, managed service provider (MSP) partners, and other IT services organizations that use delegated administrative privileges or other elevated credentials to administer customer environments.
This situation is not the result of a security vulnerability but rather the attacker using a diverse and dynamic toolkit consisting of malware, social engineering and phishing to gain initial access, leveraging trusted relationships to gain access to downstream customers.
Nobelium is the same actor behind the SolarWinds compromise in 2020, and this latest activity shares the hallmarks of the actor’s compromise-one-to-compromise-many approach. Microsoft has notified organizations that the Microsoft Threat Intelligence Center (MSTIC) has observed being targeted or compromised by Nobelium through our nation state notification process.
Bytes have completed a thorough review of our security policies in light of the Nobelium activity.
Want to keep informed? Sign up to our Newsletter
Or email [email protected]