You may have heard the term Multi-Factor authentication (or MFA). Even if you haven’t, it’s likely that you are using it today with one or more of your online accounts. When your online banking and credit card applications require you to receive a one-time authorization code via text message and then plug it into the app after you log in – that’s one type of multi-factor authentication (MFA). When your online app asks your phone app to authenticate you, via thumbprint or a “is this you” prompt, that’s MFA. And while Multi-Factor authentication is a minor interruption for the user, it allows your financial institutions to make sure it’s really you logging on—giving you peace of mind that a cybercriminal who might have gotten your login credentials can’t get in and take your money.
Multi-Factor authentication is also an important consideration for the applications your business uses, particularly those that contain sensitive information you want to keep out of the wrong hands. For any applications subject to privacy regulations, you might even be required to implement Multi-Factor authentication.
And MFA simply just makes good business sense. It shows you’re serious about protecting information belonging to your customers, business partners and employees—as well as the intellectual property of your company.
Implementing Multi-Factor Authentication in a Microsoft World
Implementing MFA for Office 365 users, the path is simple. If you already have a Microsoft Office 365 account, you should be turning on MFA, it’s free! But that won’t be enough, as it only covers Microsoft Apps, you need MFA for all your business apps.
Fortunately, Microsoft offers several tools that many PulseOne customers rely on for non-Microsoft applications:
- Microsoft Authenticator lets you approve sign-ins from mobile apps by using your choice of push notifications, biometrics, or one-time passcodes. You can either supplement or replace passwords with these two-step verifications to boost the security of applications accessed by users or customers via their mobile phones.
- FIDO2 Security Keys allow users and customers to sign into applications without a username or password. They can use an external USB dongle, near-field communications, or another external security key that supports Fast Identity Online standards.
- Hardware Tokens automatically generate one-time passwords for devices based on open authentication standards.
- Software Tokens use the Microsoft Authenticator app to generate an open authentication verification code as a second form of authentication to prove the identity of a user or a customer.
- SMS and Voice enable users and customers to receive a code on their mobile phone—via text or voice call—to augment the security of their passwords.
Multi-Factor authentication in the Cloud
For your applications running in the cloud, another Microsoft Multi-Factor authentication tool to consider is Azure AD Conditional Access. With this tool, you can configure and fine-tune your access policies with contextual factors such as user, device, location, and time of day information. This makes it easier and more efficient to control what specific users can access and how and when they have access.
Key capabilities include aggregating signals across users, devices, app sensitivity, and sessions. You also get real-time and calculated risk detections so you can make informed decisions on who to block and who to let in. You can also verify every access attempt and apply controls. If necessary, you can use granular policies to move beyond simple access-and-block decisions to support end-user productivity and strengthen security.
Striking a Balance Between Security and Easy Access
Ultimately, the key to securing your user and customer accounts—as well as the applications and data those accounts are connected to—comes down to striking a delicate balance. Yes, you want to create a strong security posture around your digital assets and sensitive information; but you also want to make it easy for users to access the information they need to do their jobs, and even more importantly, for customers to do business with you.
Multi-Factor Authentication is a great way to achieve this balance. Users and customers can still log into your systems quickly while you enjoy the peace of mind that they are not a cybercriminal pretending to be someone they are not!
For more information on how to build a stronger security posture for your business by using Multi-Factor Authentication tools from Microsoft, contact us today!
