Starting on September 30, third-party apps that only use your Google username and password to authenticate will be unable to access any apps on your Google Workspace account. Microsoft will also be removing cloud access on Outlook.com to Gmail inboxes.
Both moves are reflective of increased authentication measures designed to restrict access to email and other sensitive information. According to the federal government’s Cybersecurity and Infrastructure Agency (CISA), over 90% of cyberattacks begin with an email.
The ultimate goal of these attacks is to gain access to a user’s email and other sensitive accounts. With the rise of AI, phishing attacks are becoming more sophisticated and less likely to be decoded by the standard user. Google’s move to block access, no matter how much of a headache it may mean for users, is ultimately in our best interest. Microsoft and other vendors have agreed to make similar moves to prioritize security.
What removing access to less secure apps means
Apps which are not owned by Google will be the only ones that will be affected. This includes major ones, such as Outlook and Salesforce, as well as a number of minor apps that your users may have installed.
Users with some Chrome extensions will not be affected. Extensions will only be affected if the app attached to them only uses your Google username and password to sign in without an additional layer of authentication. Google Workspace add-ons are more likely to break as most use your Google username and password to authenticate.
This may mean that some minor apps and add-ons your users are using will stop working for them on September 30. Most will likely switch to using Sign in With Google if they aren’t doing so already. This may mean some minor support calls in which you help them to find viable alternatives with multi-factor authentication (MFA). In the case of Google Workspace add-ons, Google may have rolled out native functionality which replaces what the add-on did for your users.
In advance of the deadline, you may want to craft an internal policy in which IT has granular control over minor third-party apps, and users put in a support request if they want to use them. Add-ons and apps can then be evaluated for security and installed as needed. Additionally, if your company doesn’t have an MFA policy for all software, you should look at implementing one. Apps such as Duo or Google Authenticator are much better to use for MFA than using a phone number, since phone numbers are easier to bypass for bad actors.
Microsoft removing Gmail access from Outlook.com
Microsoft is getting ahead of Google’s September 30 deadline by removing cloud access to Gmail inboxes on Outlook.com beginning on June 30. If your organization is dual-using both Microsoft and Google emails, your Google email users can still access their Gmail by downloading the Outlook app or by accessing their Gmail online at Gmail.com instead.
It’s clear that the future is app-based MFA for most organizations. It will take your employees longer to sign on to their apps, but the payoff is enormous in the age of AI, where cybersecurity threats are skyrocketing enough to warrant this minor irritation that users may feel.
Do you need help locking down your Google Workspace and implementing security policies? We can help! Contact UpCurve Cloud today to find out how.
Contact Us to Learn More about Transforming Your Business