Why choose 3rd party MFA for O365?
(Last updated on December 4, 2020)
The adoption of SaaS services requires organizations to house user data in the cloud. Without the right strategy in place, this can mean user management and authentication processes – outside the confines of IT. Take the move to O365, and its creation of a tenant in Azure AD. Maintaining it alongside the on-premises Active Directory puts organizations in a hybrid identity game.
With O365 being a prime target for attackers, it is imperative that organizations secure how users access this resource. In recent months there have been several reports indicating O365 users as the target in a phishing campaign. With only 20% of organizations stating they use multi-factor authentication (MFA) for both administrators and end-users, we can expect to see similar attacks in the horizon.
Organizations need a practical way of dealing with password security, and authentication. We propose an authentication policy that ensures that the password is as strong as it can be, while leveraging MFA to secure login, especially to online services, such as O365.
Securing O365 authentication with MFA should not be optional, but there are options beyond the Microsoft offerings – O365 MFA (free) and Azure MFA (paid). The chart below lays out some security and administration considerations when evaluating 3rd party MFA options.
|MFA Considerations||O365 MFA and Azure MFA|
|Replacing passwords with stronger methods as first factor in authentication||Requires password as the first factor.|
|Move beyond a single point of failure with alternative authentication factors||Only support phone based options. This means that if a user loses the device, or just doesn’t have it on their person, they will fail to authenticate.|
|OOTB support for 3rd party authentication methods||Additional components, such as MFA server on-premises are needed to work with Active Directory Federation Services (ADFS), to extend existing 3rd party MFA to O365.|
|Easy to configure and manage||Additional workload is created for the administrator due to complex licensing and authentication configurations.|
Specops Authentication for O365 enhances login security with dynamic MFA. With 15+ identity providers to choose from during authentication, users always have a secure way to access important resources.