05 Jul 4 Reasons why you should enable Multifactor Authentication on Microsoft 365
70% of individuals lack a high degree of confidence that their passwords can adequately protect their online accounts. This is not surprising as if a password is the only line of defence between a hacker and your account, it is not difficult to for them to gain access. A malicious threat actor has many tools at their disposal to find a password, including brute force attacks, phishing, previous data leaks and keystroke logging, just to name a few. Although there are password best practices that should be followed, even a long, complex password is not secure enough, especially in a business setting. If a hacker were to gain access to an employee’s Microsoft account this may allow them access to sensitive data, financial information, or the ability to use the employee’s account to phish another employee with higher access to information.
Thankfully, there are tools that provide an extra level of protection to increase security beyond a password. Multifactor authentication (MFA) is an authentication process where a user must provide two or more forms of identification to login to their account. Azure AD Mult-Factor Authentication works by requiring two or more of the following authentication methods: something you know (typically a password), something you have (typically a trusted phone or hardware key), and something you are (typically biometrics, such as a fingerprint or face scan). Below are four reasons why you should enable MFA on your Microsoft 365 account.
The obvious reason as to why a Microsoft 365 account should have MFA is that it greatly increases the security of the account. Although a password can be cracked, it is significantly more difficult for a hacker to obtain or duplicate the other authentication factor. There is a possibility that the second factor of authentication can be phished if an employee gives the authentication code to a hacker, however if staff are given sufficient training and there is a culture of security within an organisation, this risk is very low. Other than a phishing attempt most current tools at a hacker’s disposal are not effective against multifactor authentication, therefore there is no reason why it should not be used to protect Microsoft accounts in most organisations.
Ease of deployment
For a solution that prevents 99.9% of account compromise attacks it is simple to deploy. From an IT Administrator’s perspective, MFA is supported on all Microsoft 365 plans and is enabled from the Microsoft Admin Centre. If the business has Azure Active Directory it is enabled through the Azure portal. Once MFA is enabled when users next attempt to login they are prompted with a notification requiring them to either add their phone number for SMS MFA, or to download the Microsoft Authenticator app which allows for biometrics or a PIN to access their one time passcode to login.
Options to suit all businesses
Not all businesses have the same needs and Microsoft has six options for MFA to ensure that regardless of the business or the employee preferences there is an option to suit all. The most common options are Microsoft Authenticator on a mobile device or using SMS and Voice. However, there is also Windows Hello for Business on Windows 10 devices that allows biometric authentication through the device’s camera or fingerprint scanner. For particularly security conscious businesses there is the option for FIDO2 security keys and hardware tokens. Both of these options use a physical device as the second authentication method.
Simplified login process
Adding an extra step to the login process may seem like it would make it more complex. However, the increased security and the fact the authentication is through Azure Active Directory allows single sign in for all Microsoft applications. This means that when an employee logs into their Windows account for sign-in they are also logged into all Microsoft 365 applications. There is also the possibility to connect many other SaaS applications to the Azure AD allowing single sign in for all necessary applications for an employee, not just Microsoft.
All businesses should consider implementing multifactor authentication to add an extra layer of security to their Microsoft 365 accounts. It should be noted that MFA is not the be all and end all of cybersecurity tools, however it is a tool that should be part of a wider strategy to ensure that a business and its data remains safe from malicious outsiders. If you want to find out more about multifactor authentication or how to build a cybersecurity strategy, get in touch with us today.