OVERVIEW
Multifactor Authentication Status
The Multifactor Authentication Status alert is triggered when a user in your tenancy does not have Multifactor Authentication (MFA) set up, and/or we cannot see a method of enforcement (such as Administrative, Security Defaults, or a Conditional Access Policy).


Multifactor Authentication Status
- Understand your status
- Monitor for changes
- Ensure enforcement
- Protect user accounts
- Be proactive
Impact
Real World Impact
Problem Faced
After much work getting everyone on board, a recent manual review (only last month!) showed that everyone had MFA set up and operational. Larry, a senior partner in the firm, is travelling overseas next month and didn't want any interruption to his email in case he misplaced his phone (which holds the MFA keys), so he disabled MFA just before departure.
Larry doesn't have roaming data, so he uses a Wi-Fi access point at the first airport he stops at. He fails to log in successfully at the airport; however, once he arrives at his hotel, he is able to check his email and thinks no more of it.
What Larry doesn't realise is that his login at the airport was redirected to a fake login page, where his username and password were stolen. Malicious attackers now have uncontrolled access to Larry's account.
Solution
It is important that any user accounts missing MFA are identified and rectified as a priority. Whilst all your accounts may have MFA at the moment, it is easy for a temporary disablement of MFA for a user to become permanent. The account without MFA can easily be forgotten about, only to be remembered potentially months or years later when it is compromised.
Manually checking every day that each of your user accounts has MFA set up and enforced is time-consuming and impractical, and it is not reasonable to expect an administrator to undertake this task. CatchBefore can undertake this check multiple times per day. The sooner the situation is discovered, the sooner you can take mitigation steps and reduce the potential for a larger impact.
Prevention
What are the main questions you should consider when working out how to manage this risk?
- Do you have a system or solution in place to detect user accounts that do not have Multifactor Authentication set up and enforced?
- If MFA were removed from a user account, would you find out?
- How long do you think it would take you to discover that you don’t have 100% MFA coverage?
- Have you ever checked for accounts missing MFA?
- What would the impact be on your organisation if a user account was compromised for an extended period of time without detection (due to lack of MFA enforcement)?