Chris Stegh / / Categories: Best Practices, Cloud Security, Executive View, Azure

Cloud Security: How Far Should you Take MFA?

How far should you take Multi Factor Authentication or MFA? 

Four Areas where you Must.

Once you enable Multi-Factor Authentication for Global Administrators, Microsoft’s second recommendation to improve your Office 365 Secure Score is to enable MFA for end users. This is easier said than done, since doing so imposes additional steps on users when logging in and waking sleeping devices.

Let's take a realistic look at the types of users who are most pivotal and for whom enabling multi-factor shouldn't be up for debate.

  1. Financial, accounting, procurement or sales personnel who are dealing with invoices, purchase orders, or electronic payments. These high value targets have been well known to be victims of identity breaches and phishing attacks, which can lead to reputational and financial damage. For some industries (i.e. financial services, banking), this could mean the entire company.
    2. Human Resources associates who are dealing with personally identifiable information.  The same goes for certain roles in industries like health care and education.
    3. Executives who are likely sending and receiving confidential material about mergers, acquisitions, major personal and organizational changes, etc.
    4. R&D and key product management personnel who are sending and receiving confidential information about patents, pricing, and differentiating Innovations.

For others, yes, it’d be great to implement Multi-Factor Authentication, and it is recommended if you can smooth over the change management aspects.  Ideally, people could be convinced that there is some value to them dealing with the extra step. To some, the value might simply be that they won't be embarrassed and exposed as often as they’d be if they continue to use weak passwords and a single factor.  For others, compliance and regulations may be the driver.

Over time, as more commercial applications from banks and payroll systems prompt users for multiple factors, people will be more likely to adjust at work without complaint. But until then, protect these high value targets now to reduce the most serious financial and reputational risk of your organization.

See also:

Practical advice for “Securing Data Throughout its Lifecycle

Azure Active Directory enables Multi-factor Authentication (with conditional access to minimize user intervention)



Work with our team of Cloud Computing Consultants who have done this so many times they know all of the “minefields” to prevent missteps.