It’s widely recognised that Multi-Factor Authentication (MFA) is a crucial defence mechanism against cyber-attacks. Yet, as of 2024, MFA remains disabled for over 70% of M365 end users and administrators. Even though the simplest MFA can thwart 99% of prevalent cyber-attacks, many companies are yet to mandate its use. Let’s delve into some common reasons for this. 

This has led Microsoft to enforce use of Multi-Factor Authentication (MFA) for all Azure users. This decision is part of Microsoft’s ongoing efforts to enhance security and protect user accounts from cyber threats. 

The User Experience Dilemma 

Managed Service Providers (MSPs) strive to simplify end users’ experiences. However, implementing MFA could potentially lead to user dissatisfaction due to the additional steps required for data access. Moreover, customers often lack clarity about licensing costs, available end user options, and the MFA implementation process. 

As MSPs, our task is to persuade customers about the benefits of MFA, despite their understandable hesitations. 

Firstly, it’s crucial to comprehend a customer’s current state with their end users and M365 licensing. MSPs should ideally be able to report on this across their entire customer base, which also helps in detecting compliance drift. 

Secondly, MSPs need to recommend the most suitable MFA option for each customer. A comprehensive customer report can serve as the foundation of a project framework. 

Understanding Multi-Factor Authentication Costs 

Basic MFA is now included for all M365 users, irrespective of their license type. 

If customers further inquire about costs, perhaps the focus should shift to the costs of NOT implementing MFA for all users. 

In 2023, over 2,813 successful cyber-attacks occurred, with an average cost of over 4M per incident. 

Customers trust Microsoft Partners for the right recommendations. However, they might question the costs of the recommended IT project.  

When selecting an MFA option, several factors need consideration. Customers seek security but are often hesitant to increase M365 licensing costs or add extra steps for end users. MSPs also need to consider the setup steps for a particular MFA option. 

Conditional Access Based MFA is one of the best options. Despite requiring additional licensing, it offers a balance of high-level security with minimal end user impact. 

Education is Key 

Enabling MFA is just the first step. It’s equally important to educate users about the risks of accepting unexpected MFA prompts. Even with MFA, security isn’t guaranteed if users don’t know how to respond correctly to MFA prompts. Cybersecurity is a shared responsibility, requiring both robust security measures and informed users. 

Many MSPs and IT professionals periodically conduct simulated attacks to identify end users who need additional training and to reinforce best practices for those who are already informed. 

Microsoft MFA enforcement 

The enforcement of MFA by Microsoft is a significant step towards enhancing the security of Azure users. It underscores the importance of robust security measures in the face of increasing cyber threats. Since July, Microsoft has intensified its efforts to implement Multi-Factor Authentication (MFA) across all organizations. To avoid any disruptions, it’s crucial not to overlook this change. Imagine arriving at your office one morning to discover that all your users are unable to access their accounts due to the new MFA requirements.  

To prevent such a scenario, it’s advisable to stay ahead and adapt to these security enhancements promptly. Our Team at Enterprise Solution can assist you through any Microsoft MFA challenges your organisation may face. 

Contact your team of expert at asktheexpert@enterprise-solutions.ie 

Useful Links:  

What is: Multifactor Authentication – Microsoft Support

Announcing mandatory multi-factor authentication for Azure sign-in | Microsoft Azure Blog  

Update on MFA requirements for Azure sign-in – Microsoft Community Hub 

Microsoft mandates MFA for all Azure users – TechCentral.ie 

Conor Lavelle

As Marketing Manager, Conor takes joy in bringing news, blogs and industry innovations to Enterprise Solutions readership.  He has a keen interest in all new innovative software and devices.

conor-lavelle Conor Lavelle

As Marketing Manager, Conor takes joy in bringing news, blogs and industry innovations to Enterprise Solutions readership.  He has a keen interest in all new innovative software and devices.

Recent posts

ControlUp Secure DX

Watch this video about ControlUp Secure DX module. Secure DX is all about ensuring that endpoints are patched and free from vulnerabilities by using a combination of Real-time Detection, Smart Prioritization, and Continuous Remediation.

Why NetScaler is the Superior Choice: An Enterprise Solutions Perspective 

Learn about the sophisticated and flexible platform architecture of NetScaler and how it can lead to considerable cost savings in our latest blog post.