Multifactor Authentication (MFA) as a security component of Microsoft / Office 365
As promised, here is the follow-up to the news articles “Microsoft 365 – 4 reasons why SMEs should opt for Microsoft 365” and “Reason 3 – IT security strengthens customer trust”.
SMEs are increasingly targeted by phishing and hacking attacks, yet awareness in many SMEs is often non-existent: “I am not an attacker's target; I am too small, or I have nothing worth stealing!”
But the reality is different, and every SME should prepare. The shift to increased remote working in the wake of COVID-19 is a crucial risk factor here. Multifactor authentication is a multi-layered defence against phishing and hacking attacks: it puts a hurdle in the way of unauthorised persons gaining access to physical locations, computing devices, networks or databases.
For an extra level of security when signing in to Microsoft 365/Office 365, or to a service or application that uses the Azure AD tenant of your subscription, you can enable Azure Multi-Factor Authentication, which requires more than just a username and password to verify an account.
The what & why of multifactor authentication:
Multifactor Authentication (MFA) is a security system that requires more than one form of authentication to verify a user's identity. Ultimately, employees and the passwords they choose pose an incalculable security risk for companies. Multifactor authentication immediately makes user accounts more secure by requiring additional proof of identity at login, for example by entering a code from the smartphone or by fingerprint scan.
By activating multifactor authentication (MFA), the probability of your account being compromised decreases by 99.9%!
Requirements for multifactor authentication:
MFA can be activated for every M365 or O365 tenant and does not require a special licence. However, the range of functions is limited with non-premium licences. An extended range of functions for MFA is offered by “Conditional Access”, which requires Microsoft 365 Business Premium, Azure AD Premium P1 or Enterprise Mobility + Security E3 licensing.
MFA support in Microsoft 365:
| Plan | Recommendation | Client type |
| --- | --- | --- |
| All Microsoft 365 plans | Use security defaults, which require MFA for all user accounts. You can also configure MFA per user on individual accounts, but this is not recommended. | Small business |
| Microsoft 365 Business Premium, Microsoft 365 E3, Azure Active Directory (Azure AD) Premium P1 licences | Use Conditional Access policies to require MFA for user accounts based on group memberships, apps or other criteria. | Small business to enterprise |
| Microsoft 365 E5, Azure AD Premium P2 licences | Use Azure AD Identity Protection to require MFA based on sign-in risk criteria. | Enterprise |
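To make the Conditional Access row of the table concrete, here is an added example (not Microsoft's code and not the real Azure AD evaluation engine) that models how a policy's included and excluded groups, its app scope, its grant control and report-only mode combine into a sign-in decision. The group names, app names and policy names are constructed for the demo, as is the simplified decision order (an enforced block wins, then an enforced MFA requirement that the session has not yet satisfied, otherwise allow).

```python
"""Simplified model of Conditional Access policy evaluation (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Set

ALL = "All"  # sentinel mirroring the "All users" / "All cloud apps" selectors


@dataclass
class SignIn:
    user: str
    groups: Set[str]
    app: str
    mfa_satisfied: bool  # True if a second factor was already presented in this session


@dataclass
class Policy:
    name: str
    grant: str                       # "mfa" (require MFA) or "block"
    include_groups: Set[str] = field(default_factory=lambda: {ALL})
    exclude_groups: Set[str] = field(default_factory=set)
    include_apps: Set[str] = field(default_factory=lambda: {ALL})
    enforced: bool = True            # False = report-only: the match is logged, not enforced


def policy_applies(policy: Policy, signin: SignIn) -> bool:
    """A policy applies when the user is in scope, not excluded, and the app is in scope.
    Exclusions win over inclusions, which is why a break-glass account can be carved out."""
    in_scope = ALL in policy.include_groups or bool(policy.include_groups & signin.groups)
    excluded = bool(policy.exclude_groups & signin.groups)
    app_match = ALL in policy.include_apps or signin.app in policy.include_apps
    return in_scope and not excluded and app_match


def evaluate(policies: List[Policy], signin: SignIn) -> Dict[str, object]:
    """Combine all matching policies into one decision; report-only matches are listed separately."""
    matched = [p for p in policies if policy_applies(p, signin)]
    enforced = [p for p in matched if p.enforced]
    report_only = [p.name for p in matched if not p.enforced]
    if any(p.grant == "block" for p in enforced):
        decision = "block"
    elif any(p.grant == "mfa" for p in enforced) and not signin.mfa_satisfied:
        decision = "require_mfa"
    else:
        decision = "allow"
    return {"decision": decision, "enforced": [p.name for p in enforced], "report_only": report_only}


# Constructed tenant policies for the demo (group and app names are assumptions, not real IDs).
POLICIES = [
    # Tenant-wide MFA requirement, with an excluded emergency-access group so admins cannot lock themselves out.
    Policy("Require MFA for all users", "mfa", exclude_groups={"BreakGlass"}),
    # A narrower policy still being piloted in report-only mode before it is enforced.
    Policy("Require MFA for finance app (report-only)", "mfa",
           include_groups={"Finance"}, include_apps={"FinanceApp"}, enforced=False),
]

if __name__ == "__main__":
    print(evaluate(POLICIES, SignIn("alice", {"Staff"}, "Exchange Online", mfa_satisfied=False)))
```

Running a few sign-ins through `evaluate` shows the behaviour the table summarises: an ordinary user without a second factor is sent to MFA, the same user with MFA already satisfied is allowed, the excluded break-glass group bypasses the tenant-wide policy, and a report-only policy is recorded in the result without changing the decision.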
Forms of authentication:
For Azure AD multifactor authentication, at least two of the following factor types are required:
- A piece of information known to the user (usually a password)
- An object in the user’s possession, e.g. a trusted device that cannot be easily duplicated (phone or hardware key).
- A biometric characteristic of the user (fingerprint or face scan)
Possible verification methods are:
- Microsoft Authenticator app
- OATH hardware token
- SMS/call
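The Authenticator app and OATH hardware tokens listed above both produce one-time codes from a shared secret using the OATH standards (RFC 4226 HOTP and RFC 6238 TOTP). The following added example, which is not Microsoft's code and not the Authenticator app's implementation, shows that mechanism end to end: code generation on the device side and verification on the server side, including the clock-drift window and the replay check a verifier needs. The secret used is the public ASCII test seed from the RFCs, not a real token secret.

```python
"""RFC 4226 HOTP / RFC 6238 TOTP generation and verification (added example)."""
import base64
import hashlib
import hmac
import struct
from typing import Optional


def hotp(secret: bytes, counter: int, digits: int = 6, algo=hashlib.sha1) -> str:
    """HOTP (RFC 4226): HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F                     # low nibble of the last byte selects 4 bytes
    binary = ((mac[offset] & 0x7F) << 24
              | mac[offset + 1] << 16
              | mac[offset + 2] << 8
              | mac[offset + 3])
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from the current 30-second time step."""
    return hotp(secret, unix_time // step, digits, algo)


def decode_base32_secret(encoded: str) -> bytes:
    """Authenticator apps receive the shared secret as base32 (otpauth:// URIs); pad and decode it."""
    cleaned = encoded.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def verify_totp(secret: bytes, submitted: str, unix_time: int, last_used_step: Optional[int] = None,
                window: int = 1, step: int = 30, digits: int = 6, algo=hashlib.sha1) -> Optional[int]:
    """Verifier side: accept the code for the current step or one step either side (clock drift),
    compare in constant time, and refuse any step at or before the last step already accepted,
    so a code that was already used cannot be replayed within its validity window.
    Returns the matching time step on success, None on failure."""
    if not (submitted.isdigit() and len(submitted) == digits):
        return None
    current = unix_time // step
    for delta in range(-window, window + 1):
        candidate = current + delta
        if last_used_step is not None and candidate <= last_used_step:
            continue
        if hmac.compare_digest(hotp(secret, candidate, digits, algo), submitted):
            return candidate
    return None


if __name__ == "__main__":
    # Constructed demo secret: the ASCII seed from the RFC 4226/6238 test vectors.
    seed = b"12345678901234567890"
    print(totp(seed, 59, digits=8))                    # RFC 6238 vector: 94287082
    now = 1_000_000
    code = totp(seed, now)
    print(verify_totp(seed, code, now))                # the accepted time step
    print(verify_totp(seed, code, now, last_used_step=now // 30))  # None: replay refused
```

The caller stores the step returned by `verify_totp` per user and passes it back as `last_used_step` on the next attempt; that single integer is what stops a six-digit code from being accepted twice. The RFC test vectors (HOTP counter 0 gives 755224, TOTP at time 59 gives 94287082 with eight digits) are a convenient check that an implementation truncates and formats the code correctly.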
How multifactor authentication works:
The advantages of multifactor authentication:
- Protects identities: up to 99.9% less vulnerability to attacks.
- The options for Security & Compliance in Microsoft 365 are versatile and complex. However, companies can already make a big contribution to data protection in the cloud with little effort by activating multifactor authentication.
- Tailored to customer needs: from MFA on individual users (free of charge) to risk-based MFA (chargeable).
Multifactor Authentication is an assessment component of our Security Assessment offering.