Microsoft Security Tools to leverage for enforcing MFA

As you have been made aware, cyber security is becoming a topic of utmost importance for you and for your end customers. Enforcing MFA is one of many methods to enhance your Azure Security Posture.


As your trusted Ingram Micro advisors, we want to make sure you understand some of the Microsoft Security tools that are available to be successful within this vertical.


Per User MFA

  • What is it? – A method of enforcing MFA that should be used temporarily before progressing to either Security Defaults, or Conditional Access. 
  • Who is it for? – Small businesses needing to secure quickly before exploring better means of securing their    Azure Environment.



Security Defaults

  • What is it? – A method of enforcing MFA that blocks Legacy Authentication and requires admins to use MFA. 
  • Who is it for? – Small and Medium sized business that want to increase their security posture but are not sure where to start. 
Disclaimer: To use Security Defaults, you must disable Per User MFA if enabled.



Conditional Access Policy 

  • What is it? – Conditional Access is a set of policies and configurations that control which devices have access to various services and data sources. It is also the most granular form of enforcing MFA 
  • Who is it for? – Medium and Large sized businesses that already have Azure Active Directory Premium P1 licenses, M365 Business Premium, or M365 E3/E5 licenses. It is also for organizations that have complex security requirements. 
Disclaimer: To use Conditional Access, you must disable Security Defaults if enabled. Conditional Access also requires that AAD Premium P1 licenses, M365 Business Premium, or M365 E3/E5 licenses be purchased for each individual user.


Lastly, by enforcing MFA, you minimize the risk of fraudulent charges, that you will unfortunately be responsible for if a cyber attack were to occur. For further details please visit 35 Azure Security Practices and Azure Fraud Detection.


Resources