1 min read

78% of Microsoft 365 Admins Do NOT Have Multi-Factor Authentication Enabled

Megan Schutz November 11, 2021

Cybersecurity Microsoft 365
78% of Microsoft 365 Admins Do NOT Have Multi-Factor Authentication Enabled

Here’s some stats for you: 

  1. There are more than 300 million fraudulent sign-in attempts to cloud services each day.
  2. 99.9% of attacks on your accounts are preventable by enabling multi-factor authentication (MFA) per the SANS Software Security Institute.

This type of protection seems like a no-brainer, right? Unfortunately, 78% of Microsoft 365 admins do not have MFA enabled (source). When you consider that many of those not required to use MFA have access to sensitive information and data within an organization, it sounds almost absurd. But the statistics speak for themselves–in general MFA is not being used to its full capabilities.

According to Microsoft, 89% of employees have not been activated. It begs the question, is using MFA not important? 

Let’s answer that simply here: yes, MFA is very important. It’s the single greatest proactive security measure your organization can take. Every month, 1.2 million Microsoft 365 accounts are breached and 99.9% of breaches do not have MFA.

It’s not difficult to breach accounts that don’t have MFA activated–in many cases, attacks are even successful without the use of advanced technology. Without MFA, cyber actors can be successful with one compromised credential or one legacy application to initiate a data breach. The importance of password security and two-factor authentication (MFA) cannot be overstated enough. 

So why aren’t people using MFA all the time? There are a couple of key roadblocks to MFA adoption which can all be easily overcome at your organization: 

  1. There is a common misconception that MFA requires external hardware devices.
  2. There is a common concern that there will be a disruption to company operations when MFA is initiated throughout the organization.

Both of these statements are untrue. Overcoming these misconceptions is key to MFA adoption.

And lastly, we’ll leave you with this important reminder: do not just assume your MSP is taking care of these details (if you’re working with PK Tech, you can rest assured we are!). Know the right questions to ask. 

Security Questions to ask your MSP: 

  1. Is MFA activated for all your employees, and especially those with access to sensitive information within the organization?
  2. Is MFA required for all accounts with administrative access (Global Admin) to our Microsoft 365 tenant?

Ready to get in touch with us? Contact PK Tech here.
FYI Microsoft’s “Shared Responsibility Model” for Office 365 Means YOU Are Responsible Backups, NOT Microsoft!

FYI Microsoft’s “Shared Responsibility Model” for Office 365 Means YOU Are Responsible Backups, NOT Microsoft!

Megan Schutz : April 10, 2021

Are you under the impression that Microsoft is responsible for the backups inside of solutions like Office 365, Exchange Online, OneDrive and...

Cybersecurity Backups Microsoft 365
Read More
Best Authenticator Apps for 2024

Best Authenticator Apps for 2024

Megan Schutz : May 7, 2024

There are more than 300 million fraudulent sign-in attempts to cloud services each day. And yet, 99.9% of attacks on your accounts are preventable by

Cybersecurity
Read More
Executives Using Office 365 Targeted by New Scam

Executives Using Office 365 Targeted by New Scam

Megan Schutz : September 9, 2022

Recently, cybercriminals instigated a high-end spear-phishing campaign targeting executive users of Office 365. The attack bypassed multi-factor...

Cybersecurity Microsoft 365
Read More