Going Passwordless: Why use Azure AD Multi-Factor Authentication?

by Spanish Point - Jun 1, 2021
Time and time again we see user passwords treated with minimal to no security. They are kept in plaintext, reused again and again by employees, and left to fend for themselves in the form of single-factor authentication. This practice has resulted in billions of euros stolen and enormous data breaches from which it takes organisations months, sometimes years, to recover. Or even worse, threat actors sell your legitimate credentials over and over, meaning your organisation never has time to recover and is constantly on the defence.

The main concern with single-factor authentication is that once a threat actor obtains credentials, they can simply “walk” into the organisation and appear to be a legitimate user. How would one tell such a login apart from a legitimate one? We need to build detections around additional factors or, more importantly, implement stronger authentication mechanisms and/or additional factors.
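
One way to build the detection described above, as an added example that is not from the original article: it scans sign-in records and flags successful sign-ins that were satisfied by a password alone, marking those from a country the user has never completed MFA from. The records are constructed, and the field names are assumed to match the Azure AD sign-in log export.

```python
from collections import defaultdict

def rec(upn, when, ip, country, error_code, requirement):
    """Build one constructed record using Azure AD sign-in log field names (assumed)."""
    return {"userPrincipalName": upn, "createdDateTime": when, "ipAddress": ip,
            "location": {"countryOrRegion": country},
            "status": {"errorCode": error_code},
            "authenticationRequirement": requirement}

SF, MFA = "singleFactorAuthentication", "multiFactorAuthentication"

# Constructed sample data (documentation IP ranges, made-up users), out of order.
SIGN_INS = [
    rec("alice@example.com", "2021-05-31T02:14:00Z", "198.51.100.77", "BR", 0, SF),
    rec("alice@example.com", "2021-05-30T08:01:00Z", "203.0.113.10", "IE", 0, MFA),
    rec("alice@example.com", "2021-05-31T02:10:00Z", "198.51.100.77", "BR", 50126, SF),
    rec("alice@example.com", "2021-05-30T12:30:00Z", "203.0.113.10", "IE", 0, SF),
    rec("bob@example.com", "2021-05-31T09:00:00Z", "192.0.2.5", "IE", 0, MFA),
]

def flag_single_factor(sign_ins):
    """Flag successful sign-ins that were satisfied by a password alone."""
    mfa_countries = defaultdict(set)   # per user: countries seen with MFA
    findings = []
    # ISO 8601 UTC timestamps in one format sort chronologically as strings.
    for s in sorted(sign_ins, key=lambda s: s["createdDateTime"]):
        if s["status"]["errorCode"] != 0:
            continue                    # failed attempt, nobody got in
        user = s["userPrincipalName"]
        country = s["location"]["countryOrRegion"]
        if s["authenticationRequirement"] == MFA:
            mfa_countries[user].add(country)
            continue
        # Password-only success: higher priority if the country is unfamiliar.
        reason = ("single_factor" if country in mfa_countries[user]
                  else "single_factor_new_country")
        findings.append((user, s["createdDateTime"], s["ipAddress"], reason))
    return findings

if __name__ == "__main__":
    for finding in flag_single_factor(SIGN_INS):
        print(*finding, sep="  ")
```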

Time to implement multi-factor authentication!

Multi-factor authentication is a process where a user is prompted during sign-in for an additional form of identification, such as entering a code on their mobile phone or providing a fingerprint scan. If you only use a password to authenticate a user, it leaves an insecure vector for attack. When you require a second form of authentication, security is increased as this additional factor isn’t something that’s easy for an attacker to obtain or duplicate.

Azure AD Multi-Factor Authentication helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy-to-use authentication methods.

MFA support in Microsoft 365

By default, both Microsoft 365 and Office 365 support MFA for user accounts using:

  • A text message sent to a phone that requires the user to type a verification code.
  • A phone call.
  • The Microsoft Authenticator smart phone app.

In both cases, the MFA sign-in uses the “something you have with you that is not easily duplicated” method for the additional verification. There are multiple ways in which you can enable MFA for Microsoft 365 and Office 365:

  • With security defaults
  • With Conditional Access policies
  • For each individual user account (not recommended)

Choose the best version for your business

Basic multi-factor authentication features are available to Microsoft 365 and Azure Active Directory (Azure AD) administrators for no extra cost. If you want to upgrade the features for your admins or extend multi-factor authentication to the rest of your users, you can purchase Azure AD Multi-Factor Authentication in several ways.

Azure AD Multi-Factor Authentication can be used and licensed according to your organisation’s needs. You may already be entitled to use Azure AD Multi-Factor Authentication depending on the Azure AD, EMS, or Microsoft 365 license you currently have.

Azure Active Directory is available in four editions.

1. Azure Active Directory (Free): The free edition of Azure AD is included with a subscription to a commercial online service such as Azure, Dynamics 365, Intune, Power Platform, and others.

2. Office 365 (Free): Additional Azure AD features are included with Office 365 E1, E3, E5, F1 and F3 subscriptions.

3. Azure Active Directory Premium P1: €5.10 per user/month, excl. VAT. Azure AD Premium P1, included with Microsoft 365 E3, offers a free 30-day trial, and Office 365 subscribers can buy Azure AD Premium P1 online.

4. Azure Active Directory Premium P2: €7.60 per user/month, excl. VAT. Azure AD Premium P2, included with Microsoft 365 E5, offers a free 30-day trial. Azure and Office 365 subscribers can buy Azure Active Directory Premium P2 online.

Choose the right passwordless technology for your users. Each organisation has different needs when it comes to authenticators. Microsoft offers multiple passwordless methods that work seamlessly with Azure AD. Support your employees working remotely by providing more secure access to corporate resources through continuous assessment and intent-based policies.