Multifactor authentication (MFA) as a security component of Microsoft / Office 365
As promised, this is the follow-up to the news article «Microsoft 365 – 4 reasons why you as an SME should choose Microsoft 365» and to “Reason 3 – IT security strengthens customer trust”. We explain an easily feasible step in the area of IT security: MFA.
SMEs are increasingly being targeted by phishing and hacker attacks, yet many SMEs are not aware of the risk: "I'm not the focus of an attacker, I'm too small or I don't have anything worthwhile!" But the reality is different, and every SME should prepare. The shift to increased remote work in the wake of COVID-19 is a crucial risk factor. Multifactor authentication is a multi-layered defense against phishing and hacker attacks: it places a hurdle in the way of unauthorized persons trying to gain access to physical locations, computing devices, networks or databases.
For an additional level of security when logging in to Microsoft 365/Office 365 or for a service or application that uses the Azure AD tenant for your subscription, you can enable Azure multi-factor authentication, which requires more than just a username and password to verify an account.
The what and why of MFA:
Multifactor authentication (MFA) is a security system that requires more than one form of authentication to verify a user's identity. Ultimately, employees and the passwords they define pose an incalculable security risk for companies. Multifactor authentication immediately makes user accounts more secure because additional proof of identity is required when logging in. This can be done, for example, by entering a code on the smartphone or using a fingerprint scan.
Activating multi-factor authentication (MFA) reduces the probability that your account will be compromised by 99.9%!
Requirements for MFA:
MFA can be activated for every M365 or O365 tenant and does not require a special license. However, the range of functions is limited for non-premium licenses. “Conditional Access” offers an extended range of functions for MFA, but requires Microsoft 365 Business Premium, Azure Premium P1 or Enterprise Mobility + Security E3 licensing.
MFA as support in Microsoft 365:
Plan | Recommendation | Type of customer |
All Microsoft 365 plans | Use security defaults, which require MFA for all user accounts. You can also configure per-user MFA on individual user accounts, but this is not recommended. | Small business |
Microsoft 365 Business Premium, Microsoft 365 E3, Azure Active Directory (Azure AD) Premium P1 licenses | Use Conditional Access policies to require MFA for user accounts based on group memberships, apps, or other criteria. | Small business to enterprise |
Microsoft 365 E5, Azure AD Premium P2 licenses | Use Azure AD Identity Protection to require MFA based on sign-in risk criteria. | Enterprise |
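To check which of these cases a tenant is actually in, the following added example (not part of the original article and not Microsoft tooling) audits a list of Conditional Access policies for MFA enforcement. It assumes the policies were exported as JSON in the shape of the Microsoft Graph conditionalAccessPolicy resource; the sample policies and the function names `classify` and `audit` are constructed for illustration, and only `builtInControls` and the user scope are evaluated, not authentication strengths or app scope.

```python
import json

# Constructed sample export; field names follow the Microsoft Graph
# conditionalAccessPolicy resource, policy names and IDs are made up.
SAMPLE_POLICIES = json.loads("""[
  {"displayName": "MFA for all users", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": ["breakglass-id"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "MFA for finance group", "state": "enabled",
   "conditions": {"users": {"includeGroups": ["finance-group-id"]}},
   "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]}},
  {"displayName": "MFA or managed device", "state": "enabled",
   "conditions": {"users": {"includeUsers": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}},
  {"displayName": "MFA pilot", "state": "enabledForReportingButNotEnforced",
   "conditions": {"users": {"includeUsers": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]""")


def classify(policy):
    """Return (verdict, detail) describing how one policy contributes to MFA."""
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    users = (policy.get("conditions") or {}).get("users") or {}
    if "mfa" not in controls:
        return "no_mfa", "policy does not list the mfa grant control"
    if policy.get("state") != "enabled":
        return "not_enforced", "state is %s" % policy.get("state")
    # With operator OR, any one listed control satisfies the policy.
    if grant.get("operator") != "AND" and len(controls) > 1:
        return "mfa_optional", "OR with " + ", ".join(c for c in controls if c != "mfa")
    scope = "all_users" if "All" in (users.get("includeUsers") or []) else "scoped"
    excluded = len(users.get("excludeUsers") or []) + len(users.get("excludeGroups") or [])
    return "mfa_required_" + scope, "%d exclusion(s) to review" % excluded


def audit(policies):
    """Map each policy name to its verdict and report tenant-wide coverage."""
    results = {p["displayName"]: classify(p) for p in policies}
    covered = any(v == "mfa_required_all_users" for v, _ in results.values())
    return results, covered


if __name__ == "__main__":
    results, covered = audit(SAMPLE_POLICIES)
    for name, (verdict, detail) in results.items():
        print(f"{verdict:24} {name}: {detail}")
    print("tenant-wide MFA policy present:", covered)
```

Report-only policies and policies that accept MFA as one of several alternatives are reported separately because neither guarantees that a sign-in was challenged with a second factor.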
Forms of authentication:
Azure AD multi-factor authentication therefore requires at least two of the following authentication methods:
- Information known to the user (usually a password)
- An object owned by the user, e.g. a trusted device that cannot be easily duplicated (phone or hardware key)
- A biometric characteristic of the user (fingerprint or facial scan)
Other possibilities are:
- Microsoft Authenticator app
- OATH hardware token
- Text/call
How MFA works:
The advantages of multifactor authentication:
- Protect identities – up to 99.9% less vulnerability to attacks.
- The options for security & compliance in Microsoft 365 are diverse and complex. However, companies can make a big contribution to data protection in the cloud with little effort by activating multifactor authentication.
- Tailored to customer needs – from individual user MFA (free) to risk-based MFA (paid)
Multifactor authentication is one of the components evaluated in our Security assessment offer.