Multi Factor Authentication now required for all users
Microsoft has announced that, as part of its efforts to boost the security of its cloud services, it will be turning on the security defaults setting for all Azure tenants. This includes multi-factor authentication (MFA).
Microsoft’s security defaults are a set of preconfigured security settings that are available to everyone at no extra cost. Security defaults are intended for organisations that want to increase their security posture but don’t know how or where to start, or for organisations using the free tier of Azure Active Directory licensing. This does not apply to organisations that already use stricter controls such as Conditional Access.
When signing up for Managed Services from BMIT, these fundamental features are deployed as part of our security baseline. However, we can take your cybersecurity posture to the next level, help you safeguard your employees' identities and protect your data while enhancing your employees' experience.
Microsoft will be automatically enabling the setting after June 27. Before then, admins will be encouraged to proactively enable security defaults.
What happens after the setting is turned on?
After the setting is turned on, every user in the tenant will need to register for multi-factor authentication. Microsoft strongly advises admins to inform and prepare users for this change.
When users sign in to their account, they will be asked to install the Microsoft Authenticator app. Instructions on how to set up the app on their mobile device can be found here.
What are the benefits?
According to Microsoft, enabling MFA can help block more than 99.9% of identity attacks aimed at compromising accounts. When security defaults are enabled:
- All users are required to register for Azure AD Multifactor Authentication
- Administrators are required to do multifactor authentication
- Users are required to do multifactor authentication when necessary
- Legacy authentication protocols are blocked
- Privileged activities like access to the Azure portal are protected
With MFA, you are helping to increase the organisation’s security posture and, in so doing, you are:
- Protecting against password-based attacks: By enabling MFA, even if an attacker manages to obtain or guess a user's password, they would still need an additional factor, such as a mobile device or a biometric verification, to gain access.
- Preventing phishing and social engineering attacks: Phishing attacks remain a prevalent threat. MFA adds an extra layer of protection by requiring users to provide a second factor that is typically not easily replicable, such as a one-time password (OTP) generated on a mobile device. Even if a user unknowingly falls victim to a phishing attack, the attacker would still require the second factor, thus preventing unauthorised access.
- Strengthening identity and access management (IAM): By enabling MFA, businesses can enforce strong authentication policies and ensure that only authorised individuals with the necessary credentials can access sensitive data and systems.
- Enhancing security in remote work environments: MFA helps protect remote access to cloud-based applications and services by requiring additional verification, regardless of the user's location. This ensures that only authorised users can access critical resources, even when working from outside the corporate network.
Are you a BMIT customer, or do you need assistance? Get in touch with us today.