How we use Multi-Factor Authentication

Multi-factor authentication is a must-have in the technology world, especially where remote working is required. Implemented correctly, it makes it significantly more difficult for an adversary to steal legitimate credentials to facilitate further malicious activities on a network. Due to its effectiveness, multi-factor authentication is one of the Essential Eight from the Strategies to Mitigate Cyber Security Incidents.

Minimise security vulnerabilities for remote access solutions

When implementing multi-factor authentication, it is essential to work with the right team to ensure that it is done correctly, to minimise security vulnerabilities and to avoid a false sense of security about your network. You should also always use authentication appropriate to each resource you're trying to protect.

MFA should be implemented for remote access solutions, for users performing privileged actions and for users accessing important (sensitive or high availability) data repositories. It is important to use multi-factor authentication on corporate workstations as well, so that an adversary cannot compromise a username or password from a remote access device and then use it either to authenticate locally to a corporate workstation or to propagate within a network after compromising an initial workstation on the network via phishing techniques.

Compliance is the minimum of security

Compliance sets only a minimum level of security, so you cannot let compliance alone steer your multi-factor authentication implementation. Do not fall into the trap of 'check-box compliance', thinking that just because you're meeting the regulatory requirements you have increased security. Make sure that whatever multi-factor authentication method you use is currently recommended, and always keep the goal of system and data security in mind, not just compliance.

Multi-factor authentication is fast becoming a requirement for customer applications, but it can add friction to the customer experience. Whether your customers see it as an unnecessary headache or as a welcome security protocol often depends on how it's implemented. If you choose to require multi-factor authentication every time a user logs in, it can be secure but inconvenient. If you offer the option for multi-factor authentication but hide it deep in the settings menu of your applications, most of your users may never choose to turn it on and won't gain the security benefits it offers.

Simplification of Login Process

You would think that having multiple authentication factors would make logging into accounts more complicated. In fact, the security provided by multi-factor authentication allows companies to use more advanced login options like single sign-on.

Single sign-on works by validating the user through MFA during the login process. Once the user is authenticated, they are logged into their single sign-on software. From there, they have access to the apps covered by the single sign-on software, without the need to log in to each app separately.

This makes multi-factor authentication more practical to implement, as one of the challenges of implementing it is login fatigue: users get tired of logging into different accounts, and multi-factor authentication would only add more stress. Combined with single sign-on, a single multi-factor authentication instance covers all the apps the user needs.

MFA with Office 365 for business or Microsoft 365 Business

Every new Office 365 for business or Microsoft 365 Business subscription will automatically have security defaults turned on. This means that every user will have to set up multi-factor authentication and install the Authenticator app on their mobile device. To set up or modify multi-factor authentication, your IT managed services provider must be an Office 365 global admin.

If you have Microsoft 365 Business or your subscription includes Azure Active Directory Premium 1, or Azure Active Directory Premium 2, you can also set up conditional access policies. To use conditional access policies, you need to make sure modern authentication is enabled.

Modern authentication in Office 365 for business or Microsoft 365 Business

All new Office 365 tenants that include Skype for Business Online and Exchange Online have modern authentication enabled by default. Modern authentication in Exchange Online provides you with a variety of ways to increase security in your organisation, with features like conditional access and multi-factor authentication.
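
The three tenant settings discussed above (security defaults, modern authentication in Exchange Online, and Conditional Access policies that require MFA) can be checked with a read-only audit. This is an added example, not code from Xenex Systems or Microsoft; it assumes the Microsoft.Graph and ExchangeOnlineManagement PowerShell modules are installed and that the signed-in account is allowed to read policies and organisation configuration.

```powershell
# Added example: read-only audit of the MFA-related tenant settings.
# Assumption: Microsoft.Graph and ExchangeOnlineManagement modules are installed.
Connect-MgGraph -Scopes 'Policy.Read.All'
Connect-ExchangeOnline -ShowBanner:$false

# Security defaults: turned on automatically for new subscriptions.
# They must be turned off before Conditional Access policies can be enabled.
$securityDefaults = (Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy).IsEnabled

# Modern authentication for Exchange Online (a prerequisite for Conditional Access).
$modernAuth = (Get-OrganizationConfig).OAuth2ClientProfileEnabled

# Conditional Access policies whose grant controls include MFA.
$mfaPolicies = @(Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object { $_.GrantControls.BuiltInControls -contains 'mfa' })

# A policy in report-only or disabled state does not actually require MFA.
$enforced = @($mfaPolicies | Where-Object { $_.State -eq 'enabled' })

[pscustomobject]@{
    SecurityDefaultsEnabled = $securityDefaults
    ExchangeModernAuth      = $modernAuth
    MfaPoliciesTotal        = $mfaPolicies.Count
    MfaPoliciesEnforced     = $enforced.Count
} | Format-List

# Per-policy detail: who is in scope, who is excluded, which apps are covered.
$mfaPolicies |
    Select-Object DisplayName, State,
        @{ Name = 'IncludeUsers'; Expression = { $_.Conditions.Users.IncludeUsers -join ', ' } },
        @{ Name = 'ExcludeUsers'; Expression = { $_.Conditions.Users.ExcludeUsers -join ', ' } },
        @{ Name = 'IncludeApps';  Expression = { $_.Conditions.Applications.IncludeApplications -join ', ' } } |
    Format-Table -AutoSize

# Findings a reviewer would want flagged.
if (-not $securityDefaults -and $enforced.Count -eq 0) {
    Write-Warning 'Neither security defaults nor an enforced Conditional Access policy requires MFA.'
}
if (-not $modernAuth) {
    Write-Warning 'Modern authentication is disabled in Exchange Online.'
}
foreach ($policy in $enforced) {
    if ($policy.Conditions.Users.ExcludeUsers.Count -gt 0) {
        Write-Warning "Policy '$($policy.DisplayName)' excludes users from MFA; review the exclusions."
    }
}
```

The script changes nothing in the tenant. Exclusions are flagged for review only, since a deliberately excluded emergency-access account is a common and legitimate reason for one.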

Cloud-based Azure MFA deployment

Multi-Factor Authentication comes as part of the following offerings:

  • Azure Active Directory Premium or Microsoft 365 Business – Full-featured use of Azure Multi-Factor Authentication using Conditional Access policies to require multi-factor authentication.
  • Azure AD Free or standalone Office 365 licenses – Use Security Defaults to require multi-factor authentication for your users and administrators.
  • Azure Active Directory Global Administrators – A subset of Azure Multi-Factor Authentication capabilities is available as a means to protect global administrator accounts.

Cloud solutions with Xenex Systems

If you are not sure of the modern authentication status of your Microsoft business plan, or you're considering an upgrade, get in touch with our professionals at Xenex Systems. As we are a Microsoft Silver Partner, you can purchase any of the Business plans with us. Get in touch at (08) 6245 2800 or leave your enquiry here.