For a long time, Microsoft has considered multi-factor authentication to be important. In fact, MFA is also available for Microsoft 365 and for Azure Active Directory. Microsoft has even gone so far as to say that enabling multi-factor authentication can prevent 99.9% of attacks on your accounts!
As compelling as this statistic might be, it doesn’t tell the whole story. Why is enabling multi-factor authentication so important? This guide will help you answer this question.
Why Is It So Important to Enable Multi-Factor Authentication?
As mentioned above, Microsoft believes in the importance of MFA and says it can stop most attacks against your network. Accounts secured with MFA are also far more difficult to attack. As a result, it’s important to enable multi-factor authentication. Otherwise, you’ll be a prime target for attackers.
Okta Backs These Claims
This idea was backed up by a recent study from Okta. The company’s Businesses at Work Report found that “Hackers aren’t just targeting accounts with Microsoft Legacy Authentication—they’re targeting them on average 53 times more across all industries”. This same report also essentially confirmed Microsoft’s findings. According to the report, when an organization prohibits legacy authentication, then “the ratio of threats to authentications drops by 90–99%”.
But something interesting and counterintuitive also came from this report. Across industries, MFA reduced authentication-related threats by varying degrees. The Technology industry saw the greatest benefit, with a threat reduction ratio of 99.6%. All the industries studied achieved threat reduction ratios above 96%, with one exception: the Insurance industry, which seems to be an outlier, had a threat reduction ratio of only 89.6%.
But that’s almost a 90% reduction, so it’s still extremely significant. That’s something to consider, even if the ratio isn’t quite as impressive as that of other industries.
Clearly then, MFA is your gateway to decreasing the likelihood of attacks against your accounts. Let’s take a look at the steps involved in enabling it.
How to Enable Multi-Factor Authentication
Generally, enabling multi-factor authentication in Microsoft 365 is a simple matter. However, you may be using legacy (per user) multi-factor authentication. In that case, you should disable it. After that, you can turn on multi-factor authentication.
To enable modern multi-factor authentication, perform these seven steps:
1. Log into Microsoft 365 as a Global Administrator and open the Microsoft 365 Admin Center
2. Click Add Admin Centers and then click on the option for the Azure Active Directory Admin Center
3. Select the Azure Active Directory tab
4. Click Properties
5. Press the Manage Security Defaults link, shown in the figure below
6. Click Yes to enable security defaults, as shown below
7. Click Save
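The same change can be scripted. The following is an added example, not code from the original article or from Microsoft: it assumes the Microsoft Graph PowerShell SDK is installed and the signed-in account is a Global Administrator, and Enable-SecurityDefaults is a hypothetical helper name. It reads the security defaults setting, declines to change it while any Conditional Access policy is enabled, and reads the setting back after the update.

```powershell
#Requires -Modules Microsoft.Graph.Identity.SignIns
# Added example. Assumes the Microsoft Graph PowerShell SDK is installed and the
# signed-in account is a Global Administrator. Enable-SecurityDefaults is a
# hypothetical helper name, not a Microsoft cmdlet.

function Enable-SecurityDefaults {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Same setting the "Manage Security Defaults" link toggles in the portal.
    $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    if ($policy.IsEnabled) {
        Write-Verbose 'Security defaults are already enabled.'
        return $true
    }

    # Conditional Access needs security defaults turned off (see the FAQ), so
    # do not flip the switch while any Conditional Access policy is enforced.
    $enforced = @(Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object { $_.State -eq 'enabled' })
    if ($enforced.Count -gt 0) {
        Write-Warning "Security defaults left off; enabled Conditional Access policies: $($enforced.Count)"
        $enforced | ForEach-Object { Write-Warning "  $($_.DisplayName)" }
        return $false
    }

    if ($PSCmdlet.ShouldProcess('tenant', 'Enable security defaults')) {
        Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy `
            -BodyParameter @{ isEnabled = $true } | Out-Null
    }

    # Read the setting back instead of trusting the write.
    return [bool](Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled
}

# Scopes cover reading both policy types and updating security defaults.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'
Enable-SecurityDefaults -Verbose
```

Run it with -WhatIf first to see the checks without changing the tenant.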
The Bottom Line
To sum up, Microsoft has been actively encouraging its customers to enable multi-factor authentication for quite some time. But it’s only natural to wonder whether the stated security benefits will materialize in the real world.
However, the Okta study seems to confirm what Microsoft has been saying all along: enabling MFA is one of the most important things you can do to protect your accounts.
Do you have more questions about MFA? Check out the FAQ and Resources sections below!
What permissions are needed to enable multi-factor authentication in Microsoft 365?
To enable MFA, you will need to have Global Admin permissions for the tenant. The user who originally set up the Microsoft 365 subscription is automatically designated a Global Admin. Organizations also commonly assign the Global Admin role to a few other administrators. Microsoft recommends that each organization have between two and four Global Admins.
Does an organization need to do anything special if it has been using legacy MFA?
Before you enable modern MFA, you need to disable legacy MFA. To do that, first open the Microsoft 365 Admin center. Then, go to the list of users. Finally, set the Multi-Factor Auth status to Disabled for each user.
Does modern multi-factor authentication work with Conditional Access Policies?
Yes, you can configure multi-factor authentication to work with Conditional Access Policies. But to do that, you need to disable legacy per-user multi-factor authentication. You’ll also need to turn off the security defaults.
Should my organization use multi-factor authentication if I have users working from old versions of Office?
Ideally, your users should be using current versions of Microsoft Office. Most Microsoft 365 subscriptions include Office applications, so an upgrade should be readily available. However, if you have users working from the 2013 version (particularly Outlook 2013), you can use registry keys to add support for modern authentication.
What authentication methods can be used as the second authentication factor?
It’s ultimately up to you as the administrator to determine which authentication methods to use. Microsoft supports using the Microsoft Authenticator App, a phone call, or a text message. Ultimately, the important thing is to secure your accounts with MFA.
TechGenix: Article on MFA Optimization for Microsoft 365
TechGenix: Article on MFA with Azure Premium
Read more on how MFA works with Azure Premium features.
TechGenix: Article on Microsoft 365 Passwords
Find out how to ditch your Microsoft 365 passwords for better MFA security.
Microsoft: Guide to Using MFA with Microsoft 365
Microsoft: Documentation on MFA Setup in 365
Find Microsoft’s documentation for setting up MFA in Microsoft 365.
Microsoft: Article on MFA Protecting 365 Users
Read more on how MFA protects Microsoft 365 users.