Why Do We Keep Harping on About Microsoft MFA?
Cyber Security is more important now than ever. As criminals become more sophisticated with the types of cyber attacks they perform, it is important to adopt appropriate security to counteract these threats. At Westgate, we have sent emails to all our clients that strongly recommend that MFA is configured across all Microsoft 365 implementations.
You may have heard of or already be using Multi Factor Authentication (MFA), otherwise referred to as Two-Factor Authentication (2FA). You’ll almost certainly have it set up for Banking and potentially on other Cloud Applications where critical information is stored.
So, What is MFA?
Multi Factor Authentication is an additional security step that helps to protect your accounts by confirming that you are attempting to gain access, not a hacker or opportunist on the internet.
MFA relies on two key factors:
- Factor 1 – Something you know i.e. your Microsoft 365 username and password
- Factor 2 – Something you have i.e. your Mobile Phone
Using Cloud Hosted Applications without MFA is like driving without wearing a seatbelt. You can risk it, but the consequences can be horrific.
Why MFA for Microsoft Office 365 is Worth the Effort
Although complex passwords provide a good first level of authentication, they are no longer enough. With our clients, we have observed a steady increase in Microsoft Office 365 targeted attacks over the past 6 months, mostly in Outlook Phishing scams.
In addition to protecting Outlook, MFA ensures files that have been placed into the Microsoft 365 environment in SharePoint, OneDrive and Teams are also secure. These attacks have been traced back to usernames and passwords being gained and used by cyber criminals. With MFA in place, passwords alone are of little use as the hacker attempting to gain access can’t get to the second factor; the associated account holders’ mobile phone.
Do I Need Two-Factor Every Time I Log on?
No, MFA is configured per device. If you use Microsoft 365 on your laptop, you will be asked to log on with your username and password, followed by a text sent to your mobile with a code to confirm it is you. If you want to use Microsoft 365 on your mobile or tablet, the same thing will happen. You enter your credentials and a text will be sent with a code to confirm its you.
Note – You do not have to do this every time you switch on your computer or phone.
How MFA for Microsoft Office 365 Works
- Use your username and password to log on to your PC.
- Using Factor 1: After opening Microsoft Outlook, it will ask you for your username and password again, but this time it will ask you to enter in a verification key.
- A text will be sent to your phone with a 6 digit code.
- Using Factor 2: You enter that 6-digit code into the computer, then Outlook opens.
If the hacker has your password and is trying to log on as you somewhere else, they will only be successful if they can obtain the Factor 2 security code.
MFA for Microsoft Office 365
Westgate strongly recommend that if you are using Microsoft Office 365, MFA is implemented across your whole user base. The best thing about this if you’re a client of ours, we can set this up at no cost. Without MFA, you will be presented with a growing number of security risks in Microsoft 365 which can prove stressful later down the line. If you would like to learn more about MFA or how the Westgate IT Security Team can help, please contact your Account manager or fill out our enquiry form below.