November 9, 2021
min read
Roy Martinez
With over 16 years in Microsoft and IT infrastructure, Roy uses his SharePoint, Power Automate, and Microsoft Teams expertise to help organizations develop strategies for adoption, collaboration, automation, and governance.
Video thumbnail for the Tales From The Trenches: Automated MFA Policy Enforcement

We hear – firsthand – from our all-star Success Team about how CoreView combats the chaos for some of their top-tier customers. Let's dig in...

Hear how one company’s MFA management was out of control.  

Multifactor Authentication (MFA), what a hassle, right? Every time you do something, you need to retrieve your phone, open an app, type a key, and receive a text message.

As an administrator, you know how to keep your password safe. And are aware of the impact not having MFA turned on can have. 

When we examined the information on this:

A little more than a fifth of organizations, or 22%, did not employ any sort of multifactor authentication for a third of their users.

It's worse when administrators are the only ones without MFA enabled, though. Nearly 90% of businesses have deactivated MFA for some or all of their administrators. 

That is a substantial sum.

And we are all aware of the rationale behind having a shared admin account. Additionally, not everyone uses the same phone, and using a legacy system again requires logging in with an admin account. 

But as senior IT workers, we need to be mindful of these problems in particular.

What is even more shocking is that

MFA is disabled for 42% of Microsoft administrators. 

Meaning currently in your organization, one out of every three administrators does not have MFA enabled, and this occurs 40% of the time. 

Again, these are quite unexpected figures given how crucial multifactor authentication is, as we all know. 

What does this entail, then? It may indicate a number of things, such as the user level lack of multifactor authentication.

I'm protected since we employ conditional access, and every time someone uses conditional access, multifactor is activated, right?

Actually, no.

The Russian terrorist organization Cozy Bear recently launched a number of attacks. Their strategy was to sign up users for MFA who weren't already signed up for it.

And as of right now, they are login into Microsoft 365 using my ordinary admin account rather than conditional access.

And because I'm an admin, they can get away with murder, which is why admin roles are the most important. Attacks are started by accounts with enhanced privileges in 88% of cases.

The ideal combination is multifactor authentication and strong passwords. These are only two examples of the regulations that everyone agrees should be in place. And based on the statistics we've seen; they aren't as prevalent as you might imagine. Even when they are generally in place, they are not where it matters.

How Can CoreView Help? 

With a continuous compliance mindset, you need to keep track of adherence to security guidelines like CIS Benchmarks or NIST Guidance. With CoreView, you can set up automated alerting anytime there is policy non-compliance, keeping you informed at all times.

Almost any non-compliance concern should be watched, including:

  • A user whose password doesn't match security standards 
  • An administrator who doesn't have MFA enabled
  • Giving a visitor access to private documents

In summary, this makes the customer’s M365 environment now significantly more secure, and with CoreView their MFA compliance is now under control. Schedule your demo today.

Get a personalized demo today

Created by M365 experts, for M365 experts.