By Caroline Blivet
Share

Multi-Factor Authentication: What Is It, Why Do You Need It & How To Set It Up?

March 04, 2020

As digital technology continues to grow and diversify, new authentication systems are needed to protect users. Multi-factor authentication (MFA) is an efficient way to protect consumers and businesses by ensuring that only authorized users can access key systems and carry out actions. Whether the user is logging onto a website, making a purchase, or transferring funds, MFA combines multiple authentication factors in order to establish identity and minimize risk.

1. What is Multi-factor Authentication (MFA)?

MFA uses multiple methods to affirm identity and authority. A range of factors or pieces of evidence can be used to establish identity, including personal knowledge, possession of verified device, and biometrics. As a user, you may need to prove these factors by taking action following an automated phone call, responding to a text message, or verifying an app notification.
 

This is significantly more secure than relying on just your username and password. If an MFA system has been initialized, you're only allowed to access the site or service when all factors have been authenticated. Let's take a look at these authentication schemes and factors in more detail;
 

•         Possession (something you have) - this may include a trusted device, a bank card, a USB stick, or any other physical object.

•         Personal knowledge (something you know) - this may include a password, a PIN, or personal knowledge such as answers to secret questions.

•         Inherence (something you are) - this may include fingerprint data, voice recognition, biometrics, or other physical characteristics.

•         Location (somewhere you are) - this may include connection to a specific computer network, or proximity to a GPS signal.

Microsoft and other leading companies implement MFA to help protect users and safeguard important information assets. Multi-factor authentication for Office 365 adds a second layer of protection, with users obliged to provide proof of their identity before they're granted access to a profile.

2. Why use MFA?

Data and information security is integral to almost every aspect of modern society. Security breaches cause a range of issues, from identity and document theft for individuals through to downtime and reputation damage for companies. Most information systems are designed to protect users and their data through the act of verification, with intrusions and attacks often the result of falsification and deceit.

When breaches happen at large companies, it is often due to weak identification and authentication mechanisms. For example, a hacker may get hold of an employee’s credentials to break into the company system. When MFA has been implemented properly, the risk of these intrusions can be almost eliminated. For you as an end user, MFA creates a second or third layer of protection in the case of data theft or hacking.

For example, after entering the stolen username and password, the hacker would be asked for a second form of authentication, which would trigger an alert to the real user’s phone or email. Since the hacker would be unable to authenticate the account using the second piece of information, they would be unable to log in and the intrusion would be prevented. While intrusions can still happen through brute force attacks and other hacking methods, opportunities for intrusion can be greatly minimized.
 

3. MFA versions

You can secure a number of Microsoft resources with MFA. Microsoft multi-factor authentication is available in Office 365 and Microsoft Azure, with different protection schemes available for administrators and users. Azure is Microsoft's cloud computing service created to help with the building, testing, deploying, and managing of applications. While almost identical in functionality, different MFA schemes are used for services that involve Microsoft-managed data centers.

•         Office 365 — the Office 365 global admin can set up or modify MFA for licensed Office 365 users.

•         Microsoft Azure — administrators can secure MFA and Windows Azure resources for admin users.

•         Microsoft Azure users — administrators set up MFA for Microsoft online resources, SaaS resources, VPN, and LOB apps.

 

4. How to deploy MFA in my organization?

Azure MFA is a type of multi-step verification that involves two or more methods. This form of MFA is designed to safeguard access to data and applications while maintaining simplicity for users. The second form of authentication may involve any of the following:

•         Something you know - typically a password

•         Something you have - typically a trusted device

•         Something you are - typically biometrics

Azure MFA is widely supported and available through multiple offerings. In order to benefit from this security, it's important to understand the difference between Office 365 and Azure. Microsoft Office 365 refers to a software as a service (SaaS) package, and Microsoft Azure refers to the underlying infrastructure used to support this service as well as many other services. MFA is different depending on the implementation:

•         Azure Active Directory Premium or Microsoft 365 Business - Full featured use of Azure MFA with conditional access policies.

•         Azure AD Free or standalone Microsoft Office 365 - Use security defaults for users and administrators.

•         Azure Active Directory Global Administrators - A subset of Azure MFA capabilities is available to help protect global administrator accounts.

Like any significant IT change, it's important to educate users in order to streamline the adoption process. Most users are accustomed to using passwords alone, so it's important to raise awareness in order to reduce errors and to ease the burden on your support team. There may also be some scenarios where temporarily disabling MFA is necessary, so your staff need the ability to handle a number of different scenarios. Conditional access policies are available to bypass two-step verification in order to implement other solutions to fit your needs.
 

Overall, successful deployment of MFA depends on planning ahead and implementing a program that's right for your organization. Your MFA rollout plan should include a pilot deployment, with implementation typically scaled up over time. It's important to inform users, train staff, and synchronize changes with team members from your Communications, Change Management, or Human Resources departments.

Softlanding provides professional and managed IT services across business sectors. If you want to enjoy the benefits of multi-factor authentication in your organization, we can deploy and implement leading Microsoft Solutions such as Azure and Office 365. Contact us now to learn more.

Loading Conversation