Communication Delivery Platform

CategoryDirect Routing

Zero Sign-On Authentication

Z

MachCloud is the first provider of its kind to introduce Zero Sign-On Authentication (and why that is a big deal)

Getting rid of passwords is the best way of keeping them out of criminals’ hands. Introducing Zero Sign-On, also known as passwordless authentication method, increases security by preventing incidents caused by weak, stolen or leaked passwords. It also reduces administration hassle by automating the login process. This article describes the introduction of Zero sign-on at MachCloud, and why we believe you should start using passwordless authentication as soon as possible.

 

We all want to be safer online. Passwords are a weak link in online security. Passwords can be guessed, stolen from the company’s server, leaked from a device or compromised if users share them.

By adopting passwordless technology based on private keys, user keys cannot be guessed or shared between users. Private keys cannot be stolen by hacking into a company’s server or database and the method is resistant to phishing attempts because they’re all unique to websites. They can’t be used on fraudulent lookalike sites.

Passwordless

Why is it needed?
Today we use multi-factor authentication and password managers storing new usernames/passwords for every login. Unfortunately, this means more hassle and isn’t sufficient as a measure to avoid security breaches. Increasing malware attacks, social engineering scams, and password sharing results in tens of billions of login credentials being exposed by data breaches. Passwordless authentication is necessary to keep criminals from taking over accounts using stolen username and password combinations.

How does Zero Sign-on Authentication actually work?
When you connect to a secure website, your browser and the server exchange encrypted messages to keep your communication private. This encryption is made possible through the use of cryptographic keys. Think of cryptographic keys as a pair of locks and keys. Just as you can unlock a lock with its corresponding key, encrypted data can only be decrypted with the corresponding cryptographic key. When you establish a secure connection, your browser and server generate a unique key. These keys are then used to encrypt and decrypt the messages that are sent between them.

The keys are also securely shared between your browser and the server using public-key cryptography. This ensures that only your browser and the server have access to the keys, making it extremely difficult for anyone else to intercept or read the messages being exchanged.  
A passkey is a passwordless way to log in to apps and websites. A passkey is another name for a pair of cryptography keys generated by your authenticated device. A public key and a private key combine to create a passkey.

The website or web server stores your public key when you log in. The private key is only stored on your device. After your device authenticates your identity, the combination of the two keys grants you access to your account on the website. Passkeys are unique to each web server or website. Your PC or Mobile device that generates the passkey uses a biometric authentication tool, such as TouchID, to authenticate your identity. Windows Hello is a biometric authentication service offered by Microsoft that allows users to securely log in using facial recognition or fingerprint scanning. The result is that a secure login becomes as easy as scanning your fingerprint on a PC or Mobile device.

Apart from biometric data authentication, an extra layer of protection can be added with hardware security keys. These dongles can be USB keys, NFC keys, and Bluetooth keys.

MachCloud takes Zero sign-on Authentication security to the next level
Using passkeys, you can log into MachCloud’s Control Panel securely using the biometric authentication tool, such as TouchID (fingerprint reader). Activation is a simple 3-click action in account settings. One-time activation of Passwordless Authentication opens a security dialogue that asks permission to register the computer or mobile device. Each user adds their device using the Fingerprint reader and passkey system in the PC, such as Windows Hello. After device registration, the next logins of MachCloud’s Control Panel are as simple as scanning a fingerprint.

MachCloud Panel Passwordless
MachCloud Panel Passwordless

There is no need for the user to juggle multiple passwords and authenticators. This much simpler authentication process takes away the need to manage passwords among employees.

Microsoft Teams integration with Business Phone: What to expect?

M

A business Phone system is essential to every business these days. Microsoft Teams is a unified and full-fledged communication system that helps organizations to collaborate within the business environment. Latest business communication methods like chat, audio conferencing, and video meetings, file sharing is provided to users to stay in the know with the latest updates within a company project. 

Every Business still needs a business phone

Even though business communication has evolved from the traditional phone, a phone remains as the most common form of communication in offices today. There are scenarios where you have to communicate one-to-one with a customer or supplier outside your company. These scenarios are catered for in the Teams app as integration with VoIP systems is supported. Doesn’t it make business communication a whole lot simpler and smoother?

Setting up calling services in Teams

Setting up calling services in the Microsoft phone system is no rocket science. All you need to know is that you have the right licensing. Teams VoIP services can be obtained with an additional Microsoft 365 license. To use a phone system you have two options: 

  • Calling Plans: Get to know if Microsoft Calling plans are supported in your area. 
  • Direct Routing: Go for Direct Routing in Teams with your trusted local Telephony partner and select whether you want to keep using your existing comprehensive PBX or not.

What Should I know to set up a phone system with Microsoft Teams?

There are a few technical aspects of Teams that every business must be informed with. Let’s traverse through the important considerations of setting up your organizational phone system with Teams:

Use the existing PBX

That is the beauty of Microsoft Teams phone system. It doesn’t require you to start from scratch; rather, you can continue using your existing PBX. This way, your PBX can continue to stay, but you can still leverage the benefits of Teams Calling plans and chat-related features. Teams, thus, acts as your soft client for PBX.

Get the Right Phones

The existing business phone devices deployed at your end are in no way a hurdle between setting up Teams and be able to make calls via Teams, however, it is essential to know a few devices that would be replaced at your end (with no additional cost). Teams certified hardware includes very comprehensive Yealink phones: 

  • Yealink SIP-T40P
  • Yealink SIP-T41S
  • Yealink SIP-T42G
  • Yealink SIP-T42S
  • Yealink SIP-T46G
  • Yealink SIP-T46S

Related: WHAT PHONES WORK WITH MICROSOFT TEAMS?

Know your requirements

It might sound a bit challenging, but it is always good to have a vision for the communication as to how would you want it a few years from now. In other words: Know your requirements. The abrupt pandemic in 2020 has introduced a new requirement: Remote working.

Having remote working employees requires a high-speed connection, low latency, and frequent connections to the phone system, while limited internal communication requires an average internet connection and fewer connections to the phone system.

If remote working is one requirement, specify it in advance.

Related: MUST HAVE TECHNOLOGIES FOR ‘WORK FROM HOME’ SCENARIO

MachCloud is the Right Provider to get your PBX running with Teams

MachCloud offers seamless ways to integrate Teams Calling options with your existing phone system at reasonable rates. The Teams of experts are proficient to tackle all internal and external Teams related connection glitches that need addressing. The all-in-one communication platform also offers Teams Direct Routing, Calling in Teams, and purchasing Microsoft 365 licensing options.

Stay connected and get started with MachCloud to keep your business stay ahead of the curve in digital business communication systems.

Session Border Controller (SBC) Security Threats for Microsoft Teams Direct Routing

S
Teams Direct Routing

Redundancy

A SBC forms a Single Point of Failure (SPOF). Unless a redundant SBC is deployed it will lead to reduced availability.

Multi-Tenancy

A SBC is designed to provide functions for a single tenant (company). Even if the SBC is virtualized, every SBC instance has its own customer data that needs to be managed with every modification.

Controlled Media Path

The connection via the SBC increases the transmission path and delay. If a SBC is hosted in a public cloud, there is no quality guarantee of media traffic.

Full Control and Management

A SBC is a separate network element that has its own management environment. Automation of real-time orders can therefore be a real challenge.

Security

There are security threats especially when a SBC is managed by a third party.

Delay in Handling Porting Orders

In the Netherlands, number porting is carried out real-time and on-demand within 15 minutes. If a number porting order is implemented for the retention of a telephone number, 3 domains must be managed separately. The number porting will have to be done manually in different domains, such as the SBC. This leads to increased downtime for a customer.

Coherent Telecom Settings

Country specific telecom settings, such as filtering, CLIP / CLIR, number normalization, over-usage management and forwards are influenced by the SBC, which may result in deviations in the telecom functions between Microsoft platform and legacy telecom domains.

Customer Self Service

Migration to Microsoft Teams requires frequent adjustments to settings, numbers and reports. Because the control of the SBC cannot be fully automated, it will be a real challenge to offer customers self-service.

Third Party Equipment

Because the SBC is a third-party network element, additional tests and maintenance will have to be scheduled for adjustments and upgrades.

Communication Delivery Platform

Get in touch !

MachCloud is a leading solution provider, crossing all the barriers, for true cross platform unified communication.

Recent Posts