Evaluating MFA
Why MFA?
Malicious actors often gain access to your organization through simply learning, stealing, or deciphering user credentials. This is the most common type of security breach.
Enforcing Multifactor Authentication (MFA) is a fantastic way to prevent this because it requires users to use a second authentication mechanism, such as a personalized authenticator app, on their personal mobile devices. We advise that ALL Admin accounts and ALL mailboxes be secured with MFA.
The Rollout Challenge
Multifactor Authentication (MFA) can be challenging to roll out. Microsoft has several MFA implementation methods (security defaults, conditional access policy-based MFA, and per-user MFA (legacy)). Understanding which policies, baselines, and exceptions are in effect and managed is challenging. Even when policies are in place, managing user enrollment is challenging, leading many businesses to have ineffective MFA rollouts and blindspots.
The Solution
You can use the MFA Account Risks to Evaluate Which Users are at risk regardless of desired MFA Settings and Baselines.