More and more organisations are starting to ensure that their employees use multifactor authentication (MFA) to add an extra layer of security to their Microsoft Office 365 and other accounts. Multifactor authentication and two-factor authentication involves using an extra step (like a phone number or verification code) in addition to your login credentials. This makes it harder for hackers to log in to your account if they have your username and password. It's a very useful additional security step, however security researchers say that it’s use isn’t very widespread.In fact, it is a security measure that Topsec recommends is implemented by our customers who are migrating to Office 365. On a daily basis, we see multiple hacked Office 365 accounts sending out spam emails and when we notify our customers that one of their employee’s Office 365 accounts has been hacked, they normally find out it is as a result of a compromised password belonging to the employee in question.
However, this extra security may have been the reason why your employees were locked out of their Office 365 accounts yesterday. On Monday November 19th, Microsoft customers who use multifactor authentication were locked out of their Microsoft Azure and Office 365 accounts. Microsoft confirmed the problem on both its Azure and Office 365 status pages.
Office 365 is Microsoft's subscription-based service for its Office products (like Word, Outlook, Excel and PowerPoint) that provides the latest version of its software, exchange email and cloud storage. Meanwhile, Azure is Microsoft’s cloud computing service. Both these services are widely used in business, so this outage affected many people’s ability to do work yesterday. This is why Topsec also recommend to our customers who are migrating to Office 365, that they wrap an email security and continuity solution around their Office 365 service to ensure both spam and malicious emails are eliminated, and they have a 100% email uptime. After all, how long could your organisation operate for without access to email?