Multi-Factor Authentication
Multi-factor authentication (MFA) is an essential piece of security for any modern business. Whether you're trying to meet compliance requirements or trying to increase the security of your business, MFA can help. By implementing MFA, you can help secure your company's assets, confidential information, and accounts. MFA is especially vital if you have remote worker employees that access corporate resources on their laptops from home.
When two or more factors are used, we call it multi-factor authentication (MFA) For example, when you log into a website, it will ask for your password. That is the first factor. With MFA, after inputting your password (a password anyone could guess) our MFA tools will require a second factor to be able to actually log into the website. Therefore, if your password has been exposed, the hacker will still be unable to login.
Benefits and Features of MFA
- Greatly reduces the chances of account compromise
- Compliant with cybersecurity regulations
- Simply click "Yes" to a confirmation pop-up on your mobile phone, when logging in from a new location
- Can simply be disabled when in an office location (using static IP supplied by ISP)
- Can prevent most logins from foreign countries you are unlikely to be in
- Very easy to use and cost effective
- Protects access to computers, employees credentials, networks and Cloud applications
Options for MFA in Microsoft365
The 3 options for your to choose from for MFA in M365 are:
- Conditional Access Policies
- Security Defaults
- Legacy Office 365 Multi-Factor Authentication
Conditional Access Policies
Our most recommend option, with by far the most customizability and power. This option is only included in Business Premium, Microsoft E3, and Microsoft 5 (they are NOT in Office E3 or E5). To obtain this without one of the 3 licenses discussed, you must either need the Azure Active Directory Premium add-on by itself, or it is included with Intune and Office 365 Message Encryption in Enterprise Mobility + Security E3.
Security Defaults
Security defaults are a pre-packaged, un-modifiable set of conditional access policies. They are available in all subscriptions with no additional charge. If your organization is content with these set defaults, it is typically the easiest option for you. The most common blocker to using security defaults is a service account that needs to authenticate and cannot use MFA. For example, a scanner that scans to email or a website form that sends email as a user. There are ways around most of these blockers, but they have additional requirements, like needing static IP's.
Legacy Office 365 MFA
Legacy Office 365 multi-factor authentication is also available in all subscriptions at no additional cost. It is much more configurable than security defaults, but not nearly as configurable or powerful as conditional access. Microsoft's recommendation is to use one of the other 2 options (conditional access policies or security defaults).
The 3 options for Multi-Factor Authentication in M365 can not be mixed and matched. All users in the tenant have to committed to just one of the 3. For example, you can not have 8 users governed by security defaults and 2 other service accounts governded by conditional access and/ or legacy Office365 MFA.
Get Started Today Using MFA
We know that staying up-to-date with the latest technology can be a challenge, especially trying to figure out what your unique organization needs. The nerds at #TechStarters are here to help. We speak nerd, so you don't have to. Keep your business secure and get started using multi-factor authentication today! We offer free cybersecurity consultations and can give you peace of mind knowing your company will be safe. Once you implement MFA, you have the option to get hands on training from one of our senior technicians. Give #TechStarters a call today and talk nerdy to us!