Only 22% of Microsoft’s Azure Active Directory (AAD) customers had implemented “strong identity authentication” as of December 2021.
Strong identity authentication includes multifactor authentication (MFA) and password-free solutions. The figure in the Cyber Signals report means that 78% of AAD customers are exposed to breaches that MFA users are not exposed to.
The small number of companies said to have implemented MFA is partly due to a technical problem in Microsoft’s Office 365. “Basic authentication” is enabled by default in Office 365 and does not support MFA. To mitigate the problem, Microsoft will disable basic authentication by default in October 2022.
In 2021, Microsoft blocked tens of billions of phishing attempts and password rate attacks. According to Microsoft, the attacks originated from state-sponsored actors, including Nobelium.
Failing to implement multifactor authentication endangers organizations, and their inability to address this risk poses a much greater problem.
Microsoft urges organizations to enable MFA on all end-user accounts and recommends prioritizing it for executives, administrators and other privileged accounts.
For more information, read the original story in ZDNet.