In the span of two weeks, Microsoft has experienced two global Multi-Factor Authentication (MFA) issues with Azure Active Directory — which, in turn, affected Office 365 and other Microsoft services which use MFA for authentication.
It’s not a good look for the Microsoft cloud. Besides calling on Microsoft to get its overall quality act together, like Petri contributor Aidan Finn did here, what can IT pros do to try to head off MFA issues, short of shutting off MFA, which is not advisable? Thoughts, folks?
1) Create a backdoor – a single account with MFA disabled but it has a crazy long passphrase. Maybe even turn it into a 2-key “nuclear” passphrase where no one person knows the entire passphrase or has access to the whole passphrase.
2) Get some Azure AD Premium licensing (talk to a licensing expert – I think there is a “single license” trick that is legit). Enable conditional access so you don’t prompt for MFA from trusted devices/networks. The idea is that if you’re logging in from a trusted site that you are physically in, then MFA isn’t required.
Turning off MFA is bad. ID theft is the easy way into any business.
This reply was modified 1 week, 4 days ago by Aidan Finn.
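
A check for both suggestions in the reply above, as an added example that is not part of the original thread: it reads Conditional Access policies exported as JSON in the Microsoft Graph `conditionalAccessPolicy` shape and reports whether the MFA-exempt emergency account is still caught by an enforced MFA policy, and which MFA policies skip trusted locations. The account id, the helper names and the three policies are constructed for illustration, and group or role targeting is not resolved.

```python
# Added example; the account id and policies below are constructed sample data.
BREAK_GLASS_ID = "BREAK-GLASS-OBJECT-ID"  # placeholder for the emergency account

def requires_mfa(policy):
    """True if an enforced policy lists MFA among its grant controls."""
    grant = policy.get("grantControls") or {}
    return policy.get("state") == "enabled" and "mfa" in grant.get("builtInControls", [])

def applies_to_user(policy, user_id):
    """Direct user targeting only; group and role membership is not resolved."""
    users = policy.get("conditions", {}).get("users") or {}
    included = users.get("includeUsers", [])
    targeted = "All" in included or user_id in included
    return targeted and user_id not in users.get("excludeUsers", [])

def skips_trusted_locations(policy):
    """True if the policy excludes all trusted named locations from its scope."""
    locations = policy.get("conditions", {}).get("locations") or {}
    return "AllTrusted" in locations.get("excludeLocations", [])

def audit(policies, break_glass_id):
    """Report MFA policies that still hit the emergency account or skip trusted sites."""
    mfa = [p for p in policies if requires_mfa(p)]
    return {
        "break_glass_exposed": [p["displayName"] for p in mfa if applies_to_user(p, break_glass_id)],
        "trusted_location_bypass": [p["displayName"] for p in mfa if skips_trusted_locations(p)],
    }

def make_policy(name, state, exclude_users=(), exclude_locations=None):
    """Build a constructed all-users MFA policy in the Graph JSON shape."""
    locations = None
    if exclude_locations is not None:
        locations = {"includeLocations": ["All"], "excludeLocations": list(exclude_locations)}
    return {
        "displayName": name, "state": state,
        "conditions": {"users": {"includeUsers": ["All"], "excludeUsers": list(exclude_users)},
                       "locations": locations},
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }

SAMPLE_POLICIES = [
    make_policy("Require MFA for all users", "enabled", [BREAK_GLASS_ID], ["AllTrusted"]),
    make_policy("Require MFA for admin portals", "enabled"),
    make_policy("MFA pilot (report-only)", "enabledForReportingButNotEnforced"),
]

if __name__ == "__main__":
    print(audit(SAMPLE_POLICIES, BREAK_GLASS_ID))
```

An empty `break_glass_exposed` list means no enforced, directly targeted MFA policy applies to the emergency account; any name listed there is a policy that would lock that account out during an MFA outage.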