Problematic Multi Factor Authentication
Alert title: “Problematic MFA” (Problematic Multi Factor Authentication)
Description: Alerts if a user is suspected of having problems with Multi Factor Authentication (MFA)
Options:
- It is possible to ignore users
- It is possible to set the total MFA failures count at which the alert is triggered
- It is possible to set the number of failures from unique IPs at which the alert is triggered
- It is possible to set the number of failures from unique IPs that don’t go on to any successful logins (at which the alert is triggered). This is like the option above, but is typically set lower
The problem: This alert is triggered when there is an unhealthy number of Multi-Factor Authentication (MFA) failures.
Impact: This may be related to one or more users having problems with the MFA process, or it may be an indication of an account that is otherwise compromised, except for MFA.
Suggested steps: Engage a technician to confirm that the alert is accurate. Either provide end-user support (if user help is required) or undertake mitigation steps if it is an otherwise compromised account.
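The three thresholds listed under Options can be expressed as a small detection routine over sign-in events. This is an added example, not the product's own logic: the event tuple format, the threshold defaults, and the reading of "don't go on to any successful logins" as "IPs with an MFA failure and no successful login for that user" are assumptions.

```python
from collections import defaultdict

# Constructed sample sign-in events (user, source IP, outcome); not real data.
# "mfa_fail" = MFA step failed, "success" = login completed.
EVENTS = (
    [("alice@example.com", "198.51.100.10", "mfa_fail")] * 5
    + [("alice@example.com", "198.51.100.10", "success"),
       ("bob@example.com", "203.0.113.7", "mfa_fail"),
       ("bob@example.com", "203.0.113.99", "mfa_fail"),
       ("bob@example.com", "192.0.2.5", "success"),
       ("carol@example.com", "192.0.2.20", "mfa_fail"),
       ("carol@example.com", "192.0.2.20", "success")]
    + [("svc@example.com", "203.0.113.50", "mfa_fail")] * 6
)

def problematic_mfa(events, ignore=(), max_failures=5,
                    max_fail_ips=3, max_fail_ips_no_success=2):
    """Return {user: [reasons]} for users crossing any threshold.

    Threshold defaults are hypothetical; the third is set lower than the
    second because failing IPs that never log in successfully are more
    suspicious than a user mistyping a code on their own device.
    """
    fails = defaultdict(int)     # total MFA failures per user
    fail_ips = defaultdict(set)  # distinct IPs with an MFA failure
    ok_ips = defaultdict(set)    # distinct IPs with a successful login
    for user, ip, outcome in events:
        if user in ignore:
            continue
        if outcome == "mfa_fail":
            fails[user] += 1
            fail_ips[user].add(ip)
        elif outcome == "success":
            ok_ips[user].add(ip)

    alerts = {}
    for user in fails:
        reasons = []
        if fails[user] >= max_failures:
            reasons.append("total_failures")
        if len(fail_ips[user]) >= max_fail_ips:
            reasons.append("unique_fail_ips")
        # Failing IPs that never produced a successful login for this user.
        if len(fail_ips[user] - ok_ips[user]) >= max_fail_ips_no_success:
            reasons.append("unique_fail_ips_no_success")
        if reasons:
            alerts[user] = reasons
    return alerts
```

In the sample data, alice trips only the total-failure count (repeated failures from the IP she later logs in from, which points to a support case), while bob trips only the no-success threshold (failures from two IPs that never complete a login, which points to a password that is known to someone else).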
365 MultiFactor Authentication Status
Alert title: “MultiFactor Authentication Status”
Description: Alerts if a user is detected as being enabled in the system and not having multi-factor authentication administratively enforced (either by site-wide “SecurityDefaults” being enabled, or on a user-by-user administratively enforced basis, via a conditional access policy that has MFA mentioned). It will also alert if the user has not set up MFA yet.
Options:
- It is possible to ignore specific users
- It is possible to delay the alert triggering (for new users) by a number of days
- It is possible to delay the alert triggering (for new users that have never logged in) by a number of days
The problem: This alert is triggered if an enabled user is detected as not having MFA enabled or not having MFA set up (even if enabled); it will also alert if MFA is not enforced (even if enabled).
Impact: Any user that can log in should have MFA enabled, set up, and enforced. If they do not, the account (and the data it can access, as well as configuration control) is at a higher risk of access by an unauthorised party.
Suggested steps: Engage a technician to confirm that the alert is accurate. Take steps to ensure that MFA is enabled, set up, and enforced.