Why choose 3rd party MFA for O365?
The adoption of SaaS services requires organizations to house user data in the cloud. Without the right strategy in place, this can mean user management and authentication processes – outside the confines of IT. Take the move to O365, and its creation of a tenant in Azure AD. Maintaining it alongside the on-premises Active Directory puts organizations in a hybrid identity game.
With O365 being a prime target for attackers, it is imperative that organizations secure how users access this resource. In recent months there have been several reports indicating O365 users as the target in a phishing campaign. With only 20% of organizations stating they use multi-factor authentication (MFA) for both administrators and end-users, we can expect to see similar attacks in the horizon.
Organizations need a practical way of dealing with password security, and authentication. We propose an authentication policy that ensures that the password is as strong as it can be, while leveraging MFA to secure login, especially to online services, such as O365.
Securing O365 authentication with MFA should not be optional, but there are options beyond the Microsoft offerings – O365 MFA (free) and Azure MFA (paid). The chart below lays out some security and administration considerations when evaluating 3rd party MFA options.
|MFA Considerations||O365 MFA and Azure MFA|
|Replacing passwords with stronger methods as first factor in authentication||Requires password as the first factor.|
|Move beyond a single point of failure with alternative authentication factors||Only support phone based options. This means that if a user loses the device, or just doesn’t have it on their person, they will fail to authenticate.|
|OOTB support for 3rd party authentication methods||Additional components, such as MFA server on-premises are needed to work with Active Directory Federation Services (ADFS), to extend existing 3rd party MFA to O365.|
|Easy to configure and manage||Additional workload is created for the administrator due to complex licensing and authentication configurations.|
Specops Authentication for O365 enhances login security with dynamic MFA. With 15+ identity providers to choose from during authentication, users always have a secure way to access important resources.
(Last updated on December 4, 2020)
Multi-factor authentication (MFA) requires authentication from independent categories of credentials: something you know (i.e. password), something you have (i.e. Mobile device), and something you are (i.e. Fingerprint). MFA enhances security when accessing resources on SaaS applications, and even during password resets. When it comes to authentication, more layers means more protection against attacks and breaches….Read More
Stockholm, Sweden – December 18, 2017. Specops Software announced today the launch of Specops Authentication for Office 365. This new software helps companies transition to Office 365 (O365) while keeping user data in their on premise Active Directory to take advantage of existing user management and authentication controls. Robust, dynamic multi-factor authentication (MFA) ensures users…Read More