3 Reasons Businesses Should Turn on Multifactor Authentication (MFA) in MS 365

January 6, 2023

3 Reasons Businesses Should Turn on Multifactor Authentication (MFA) in MS 365

Multifactor authentication – also known as MFA or 2-step verification – helps to protect businesses, users and customers from various cyber security threats. It’s a process that requires users to provide at least two methods of authentication when logging in to an online application.

According to research company Statista, over 870,000 companies in the U.S. alone use Microsoft 365 as of early 2022, making it one of the most popular software programs for businesses. While Microsoft 365 does not currently require MFA for log-in, users can manually update their security settings from “MFA enabled” to “MFA enforced.” And the experts at Atlas highly recommend taking this step for improved cyber security.

Here are three reasons businesses should turn on multifactor authentication in Microsoft 365.

Better cyber security protection

MFA is a key component of a strong cyber security program because it protects from cyber security threats. These include data breaches, malware attacks and other malicious attempts that can result in fraud, theft, damage and disruption to a business.

Due to the sophistication of today’s cybercriminals, it’s nearly impossible for employees to secure an online or mobile account with just a password. Consider:

90% of passwords can be cracked in less than six hours.
Cybercriminals have the power to test billions of passwords every second.
Two-thirds of people use the same password for all logins.

MFA adds another layer of protection to logins. It may require that users provide both a username and password combination, plus a verification code, answer to a security question, facial recognition or other verification method. This second method of verification would be something a cybercriminal typically wouldn’t have access to, thereby increasing the security exponentially.

Enforcing MFA on all programs and gateways to your business’ IT network is a best practice, including on Microsoft 365.

To meet cybersecurity insurance coverage and renewal guidelines

Cybercrime has continued to rise over the past 24 months, impacting businesses of all sizes. This has prompted an increased awareness of and interest in cyber-insurance. Cyber-insurance is coverage to help businesses prepare for, respond to and recover financially from cyberattacks.

Interestingly, cyber-insurance is becoming tougher to get. Insurers are looking very closely at organizations’ IT security controls when writing and renewing policies. That means the more your organization can implement cyber security best practices, the more likely it will be to get insurance coverage.

In fact, we have seen the following questions asked on cyber-insurance applications:

Do you use MFA to protect all local and remote access to privileged user accounts?
Do you use MFA to protect users’ access to email?
Do you use MFA to secure all cloud provider services that you utilize (e.g. Amazon Web Services (AWS), Microsoft Azure, Google Cloud, or other hosted cloud or web services)?

Microsoft 365 would fall under the last question above, as a cloud-based service.

To be ahead of the curve if/when M365 requires it

Because so many other web-based applications require MFA when users log in, the experts at Atlas think it’s only a matter of time before Microsoft 365 does the same.

Deploying MFA on all users’ accounts can be a time-consuming and labor-intensive process. So, it’s best to begin now, rather than reacting to the requirement if and when the time comes.

The team at Atlas Professional Services has been working with clients to proactively set up MFA on Microsoft 365 for added cyber security. Our efforts include:

Communications to staff, explaining why the update is important
Sending users a guide outlining how to set up enforced MFA on Microsoft 365
Offering personal assistance to walk users through making the update, in real-time
Tracking account updates for all users to ensure company-wide compliance

Whether you work with an internal IT department, managed service provider (MSP), or cloud service provider (CSP), know that the process will take time. This is especially true for large companies with many employees. Make the switch now, for better cyber security protection and peace of mind.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.