MFA: What is it and how to use it?

Share on facebook
Share on linkedin
Share on twitter
Share on google
By Gordon Hay

What is MFA?

Normally, we would invite you to a lunch and learn session at our office but let’s catch-up virtually. We recently completed MFA (Multi-Factor Authentication) projects for key business and government organisations, in which a computer user is granted access only after successfully presenting two or more pieces of evidence and you may get a text code on your phone or registered device. A great, cost effective way to ensure that only your people can access the business systems whilst working remotely. The client recognised that passwords as the sole authenticator introduces unacceptable risk throughout their organisation. It is generally accepted that passwords are not enough on their own to secure business data – being too easy to crack, sniff, and elicit. Passwords are subject to credential theft and subsequent data loss. 

It’s costing most organisations more not to implement MFA. In assessing the value, one considers how many password reset help desk tickets are tendered to, the increased security against risks, increased operational efficiency, and minimized number of potential breaches through user credentials. MFA is delivered as a win/win improved security posture and a reduction in overall support costs, this is an easy place to cut costs. 

Multi-Factor Authentication (MFA) is an audit requirement for the organisations we work with, and who currently utilise a Symantec Cloud solution with both hard and soft tokens. A desire for conditional access and the extension of MFA to additional Active Directory authenticated solutions uncovered a requirement for a more advanced identity protection solution. 

Microsoft’s Azure MFA with Identity Protection supply clients with the ability to define conditional access policies to suit organisational requirements. In addition, MFA can be extended to more applications across a range of access methods both internal and external for contractors and third parties. 

We work closely with stakeholders to complete a detailed Proof of Concept for the Azure MFA solution ensuring all organisational and audit criteria are met, and validating compatibility with applications both existing and into the future. 

Solutions Overview

Our clients had a requirement to protect all business data regardless of the end users’ location, and whether the data is in the cloud or published from on-premise. Primary considerations for the MFA service were consistent user experience and ease of use with conditional access to protected applications and services where appropriate.  

A brief discussion took place to discuss current applications and methods of access to business data, and Diverse reviewed the Azure MFA solution against high level requirements. The ways in which staff can access data are varied, each having their own purpose and advantages; However, this variability causes difficulty in ensuring a consistent user experience. 

Diverse Services offers the experience and expertise required to smoothly integrate existing systems with a new authentication solution, maintaining ease-of-use to curb any additional impact to productivity – as might come from any change to authentication. 

A proof of concept will aim to validate the use and management of Azure MFA against your applications and platforms. Re-use of existing Symantec hard tokens was desirable for remote workers, alongside making the Microsoft Authenticator mobile app available for local and some remote workers as a recommended first choice.