Shield for Office365

Take No Chances When It Comes To Security!

With the erosion of the Enterprise/Campus network perimeter, thanks to enterprise mobility & BYOD, users access sensitive information from multiple devices & locations.



Start your free trial!

Problem Statement

Customers using QuickLaunch as a federated authentication service
  • The requests get directed to QuickLaunch Identity Provider for Login
  • Due to the request coming from Office365TM, QuickLaunch does not block the request*, instead sends it to your Active DirectoryTM to process
  • If username if valid and the password isn’t, account would locked out after policy is violated** (if there is a policy set in your Active Directory)
  • If username is invalid, the login service reloads with an ‘invalid username’ error
  • Due to the extremely high frequency of the number of requests, your Active DirectoryTM may experience performance issues
  • *QuickLaunch does not automatically block the attack because the request is coming from a valid source directly, namely Microsoft
  • **Account lockout on Active DirectoryTM because valid Usernames are being used. This is possible because staff/student directories are typically available publicly
Customers using MicrosoftTM or another 3rd party as a federated authentication service
  • The requests get directed to MicrosoftTM/3rd Party’s Identity Provider for Login
  • Due to the request coming from Office365TM, the request isn’t blocked and sends the request to your Active DirectoryTM to process
  • If username is valid and the password isn’t, account would locked out after policy is violated** (if there is a policy set in your Active DirectoryTM)
  • If username is invalid, the login service reloads with an ‘invalid username’ error
  • Due to the extremely high frequency of the number of requests, your Active DirectoryTM may experience performance issues

What are the symptoms of a brute force attack?

Account Lockout

Help Desk flooded with
‘my account is locked out’

AD performance issues/alerts

What are your options?

You can go to MicrosoftTM

$72 / user / year

Procure DDOS protection service from MicrosoftTM which would filter and block ‘bad actor’ IPs

  • Problem gets resolved.
  • Cost of enabling the service.

You can go to QuickLaunch

$8 / user / year

Procure QuickLaunch Shield which would filter and block ‘bad actor’ IPs

  • Problem gets resolved at approximately 11% of what you would pay to Microsoft annually.
  • Currently, this service and the blacklisting needs to be manually configured and maintained by QuickLaunch.

Note: This means that even after enabling QuickLaunch Shield, if there is an attack from a new indirect IP that isn’t on the QuickLaunch Shield global blacklist policy already, you may still experience the symptoms and be required to create a support case to allow for QuickLaunch to update its policies

This will be automated with SmartShield, which has a release date of April 30th, 2019 and will be a no-cost upgrade

Ready to Enhance IAM at Your Organization?

Schedule a demo with us and learn all about our IAM products - IDP, SSO, Smart Password Manager, Automated Provisioning, Multi-Factor Authentication, Adaptive Authentication, and Shield. Implement our solutions at your institution and enhance the efficiency of all your users.

Get a Demo