Microsoft sets multi-factor authentication as default for all Azure AD customers

The latest move will enable MFA as the default security setting even for older Azure accounts.

Microsoft is taking a more aggressive step to try to protect users of Azure Active Directory from account compromise. In a new blog post, the company revealed that it’s adding multi-factor authentication as the default security setting for existing Azure customers who haven’t changed that setting on their own. This means that administrators and users alike will be required to set up MFA and use it to secure their logins each time they sign in.

Multi-factor authentication is still one of the best ways to protect accounts and data from compromise. The reason is simple: Anyone who attempts to sign in to an account using stolen credentials won’t get very far without that second method of authentication, ideally provided by an app such as Microsoft Authenticator. In the blog post, Microsoft said that 99.9% of the hacked accounts that it has observed don’t have MFA enabled, putting them at risk for phishing attacks and other threats.

The default MFA setting has already been in effect for new Azure AD customers since October 2019. More than 30 million organizations have been operating with this default setting, which Microsoft said had led to 80% fewer compromises for that group as a whole. Most customers leave the setting as is, according to the company. Some beef up their security further with Conditional Access, a type of zero trust method that requires several conditions be met in order to grant access to data and other assets.

The latest change will apply to organizations that signed up for Azure AD prior to October 2019 and have not rolled out the tighter security defaults or turned to Conditional Access. The effort is especially aimed at companies that don’t have in-house security professionals or IT staffers who could otherwise analyze and implement the right type of security settings. Following the rollout of the new defaults, an additional 60 million accounts could be protected from the most common types of identity-based attacks, Microsoft said.

Microsoft will start rolling out the new settings to organizations that it considers a good fit for them, meaning those that haven’t adjusted the defaults, aren’t using Conditional Access or aren’t using legacy authentication clients. Starting in late June, global administrators of eligible customers will be notified of the change via email and receive a notice during sign-in prompting them to enable the new security defaults. They can snooze the option for as long as 14 days, after which time the new defaults will automatically be applied (Figure A).

Figure A

Image: Lance Whitney/TechRepublic.

Once the new defaults are enabled, all users of the organization will be asked to register for MFA with the same 14-day grace period. Both admins and users will be prompted to set up MFA using the Microsoft Authenticator app, while admins will receive an additional recommendation to provide a phone number.

Any admins who want to apply the MFA requirement without waiting should follow the appropriate steps described in Microsoft’s deployment guide or Azure AD documentation. Admins who want to leave the new security defaults disabled can certainly do so. However, Microsoft asks that you share your reasons via its Azure Active Directory feedback forum.
