Why choose 3rd party MFA for O365?
(Last updated on October 11, 2018)
The adoption of SaaS services requires organizations to house user data in the cloud. Without the right strategy in place, this can mean user management and authentication processes – outside the confines of IT. Take the move to O365, and its creation of a tenant in Azure AD. Maintaining it alongside the on-premises Active Directory puts organizations in a hybrid identity game.
With O365 being a prime target for attackers, it is imperative that organizations secure how users access this resource. In recent months there have been several reports indicating O365 users as the target in a phishing campaign. With only 20% of organizations stating they use multi-factor authentication (MFA) for both administrators and end-users, we can expect to see similar attacks in the horizon.
Organizations need a practical way of dealing with password security, and authentication. We propose an authentication policy that ensures that the password is as strong as it can be, while leveraging MFA to secure login, especially to online services, such as O365.
Securing O365 authentication with MFA should not be optional, but there are options beyond the Microsoft offerings – O365 MFA (free) and Azure MFA (paid). The chart below lays out some security and administration considerations when evaluating 3rd party MFA options.
|MFA Considerations||O365 MFA and Azure MFA|
|Replacing passwords with stronger methods as first factor in authentication||Requires password as the first factor.|
|Move beyond a single point of failure with alternative authentication factors||Only support phone based options. This means that if a user loses the device, or just doesn’t have it on their person, they will fail to authenticate.|
|OOTB support for 3rd party authentication methods||Additional components, such as MFA server on-premises are needed to work with Active Directory Federation Services (ADFS), to extend existing 3rd party MFA to O365.|
|Easy to configure and manage||Additional workload is created for the administrator due to complex licensing and authentication configurations.|
Specops Authentication for O365 enhances login security with dynamic MFA. With 15+ identity providers to choose from during authentication, users always have a secure way to access important resources. For more information on how Specops compares to Microsoft’s out-of-the-box tools, download the Managing users and authentication with on-premises Active Directory for O365 whitepaper.
Multi-factor authentication (MFA) requires authentication from independent categories of credentials: something you know (i.e. password), something you have (i.e. Mobile device), and something you are (i.e. Fingerprint). MFA enhances security when accessing resources on SaaS applications, and even during password resets. When it comes to authentication, more layers means more protection against attacks and breaches….Read More
Stockholm, Sweden – December 18, 2017. Specops Software announced today the launch of Specops Authentication for Office 365. This new software helps companies transition to Office 365 (O365) while keeping user data in their on premise Active Directory to take advantage of existing user management and authentication controls. Robust, dynamic multi-factor authentication (MFA) ensures users…Read More
Many organizations are making the move to cloud, specifically Office 365 (O365). Recognized as the most common business productivity software, O365 offers many benefits to today’s mobile workforce. There’s also some perks for the IT staff. Freed up internal resources, from servers to personnel, easy access to the latest and greatest, and best of all,…Read More