78% of Microsoft 365 Admins Do NOT Have Multi-Factor Authentication Enabled

Here’s some stats for you: 

  1. There are more than 300 million fraudulent sign-in attempts to cloud services each day.
  2. 99.9% of attacks on your accounts are preventable by enabling multi-factor authentication (MFA) per the SANS Software Security Institute.

This type of protection seems like a no-brainer, right? Unfortunately, 78% of Microsoft 365 admins do not have MFA enabled (source). When you consider that many of those not required to use MFA have access to sensitive information and data within an organization, it sounds almost absurd. But the statistics speak for themselves–in general MFA is not being used to its full capabilities.

According to Microsoft, 89% of employees have not been activated. It begs the question, is using MFA not important? 

Let’s answer that simply here: yes, MFA is very important. It’s the single greatest proactive security measure your organization can take. Every month, 1.2 million Microsoft 365 accounts are breached and 99.9% of breaches do not have MFA.

It’s not difficult to breach accounts that don’t have MFA activated–in many cases, attacks are even successful without the use of advanced technology. Without MFA, cyber actors can be successful with one compromised credential or one legacy application to initiate a data breach. The importance of password security and two-factor authentication (MFA) cannot be overstated enough. 

So why aren’t people using MFA all the time? There are a couple of key roadblocks to MFA adoption which can all be easily overcome at your organization: 

  1. There is a common misconception that MFA requires external hardware devices.
  2. There is a common concern that there will be a disruption to company operations when MFA is initiated throughout the organization.

Both of these statements are untrue. Overcoming these misconceptions is key to MFA adoption.

And lastly, we’ll leave you with this important reminder: do not just assume your MSP is taking care of these details (if you’re working with PK Tech, you can rest assured we are!). Know the right questions to ask. 

Security Questions to ask your MSP: 

  1. Is MFA activated for all your employees, and especially those with access to sensitive information within the organization?
  2. Is MFA required for all accounts with administrative access (Global Admin) to our Microsoft 365 tenant?

Ready to get in touch with us? Contact PK Tech here.