Microsoft expects more than 75% of their Microsoft office business customers to move to the Cloud by the end of 2022. With millions of commercial users, the Microsoft 365 platform is a hot target for cyber-attacks. In 2019, headlines were made when hackers used brute-force techniques to attack Microsoft 365 accounts of 48 different large companies in the USA. The technique used coordinated attacks to try different versions of employees’ usernames and passwords, eventually leading to 100,000 failed login attempts! Microsoft 365 Multi-Factor Authentication is one of the most important security measures to help protect your 365 platform.
Since then, targeted Microsoft 365 email attacks have been increasing. Hackers are trying to access a single email account that is used to “spear phish” other accounts within and outside an organisation. The threat for this kind of attack can be dramatically reduced with multi-factor authentication and user education.
Phishing attacks are taking advantage of the popularity of Microsoft 365. Users are lead to malicious web pages, designed to look like the Microsoft 365 login page. The intention is to take over control of the account and use it launch additional attacks.
Microsoft 365 multi-factor authentication helps reduce the chance of a hacker accessing the account. This is due to the hacker not having access to the “second factor” when logging in.
Microsoft 365 MFA requires the user password and one more verification check when signing into Microsoft 365.
The verification method of choice is either an app installed on a smartphone or a randomly generated passcode sent as a text to the user’s phone.