Why is Office 365 MFA important?
(Last updated on December 3, 2020)
Microsoft expects two-thirds of its Office business customers will have moved to the cloud by fiscal year 2019. The hugely popular application attracts hackers looking for security weaknesses. This makes Office 365 multi-factor authentication (MFA) the most important security measure to protect the world’s most used SaaS business system.
With more than 135 million commercial monthly users, Office 365 is a hot target for attacks. Last year headlines were made when hackers used brute-force techniques to attack Office 365 accounts of high-level employees at 48 different Fortune 2,000 organization. The attack, which followed a measured pace to avoid early detection, used coordinated attacks to try different versions of employees’ usernames and passwords, eventually leading to 100,000 failed login attempts.
Office 365 email attacks continue to gain popularity, giving the hacker access to a single email account that is then used to spear phish other accounts within and outside with organization. This kind of attack can be prevented with the use of MFA.
Office 365 MFA requires the password and one more verification method when signing in to O365. Microsoft includes the following additional verifications methods: a randomly generated pass code, a phone call, a smart card (virtual or physical), a biometric device.
Phishing attacks are taking advantage of the popularity of Office 365 by leading users to malicious web pages, designed to look like the O365 login page. The purpose of this type of account is to take over control of the account and use it launch additional attacks. Office 365 MFA would stop the hacker from accessing the account since they would not have the second factor.
The final type of attack worth mentioning when discussing the important of MFA, is privileged access attacks. Last year the KnockKnock campaign targeted accounts with elevated privileges. The botnet attack went after service accounts that are not monitored regularly and don’t use MFA.
Protecting the sensitive data organizations store in Office 365 comes down to preventing various attacks designed to gain access to the data and the account itself. Office 365 MFA is critically important to limiting unlawful access to the world’s most popular SaaS business system.