Using Microsoft 365 Without MFA In Place? You Are At Risk.

Using Microsoft 365 Without MFA In Place? You Are At Risk.

By: Brad Jepsen, Master IT Engineer/Sales Engineer

If you use Microsoft 365 products and you don’t have MFA (Multi-Factor Authentication) enabled in your organization yet, you are at heightened risk of user accounts getting compromised.

I can’t say this more plainly – if you do not have MFA in place and a cybersecurity incident hasn’t happened to you yet, it is only a matter of time before you fall victim.

What is MFA for Microsoft 365?

MFA increases the security of user logins for cloud services beyond only using a password. With MFA for Microsoft 365 users are required to take a second step to sign in. This step comes after the user has correctly entered their password and can either come in the form of a text message or an app notification on their phone.

What’s my risk if I’m not using MFA?

  • A single password is not enough, regardless of how complex it is.  Hackers have ways to crack passwords.
  • Phishing emails appearing legit can lead end-users to hand over their login credentials to the hacker.
  • If your data is compromised in Microsoft 365, it then gives the hacker access to everything saved in the software, including emails and data in OneDrive and SharePoint.
  • Non-Compliance.  Depending on your industry, MFA may be one component of compliance standards.
  • If your credentials are compromised, hackers can send emails directly from your account.  For example, the hacker could send phishing emails to your customers with ransomware and other types of malware.
  • Your business reputation.  You don’t want to have to answer to questions from your contacts/customers about why you don’t have safeguards in place to protect both your business and theirs.

What are the cons of MFA?

  • You may have concerns about setup costs.  Some may believe that it’s too expensive to set up or you just don’t have the time to do it.  While cost is always a factor to consider, setting up MFA does not require a lot of time.  The protection you get from MFA significantly outweighs the costs.
  • End-user training.  Yes, by enabling MFA you are requiring all users to learn an additional step to log in and it’s less convenient.  However, within a few days users will have an understanding and the login process will only take a few additional seconds.

The majority of today’s data breaches are a result of compromised credentials.  We strongly urge our partners to take action now to implement MFA to protect yourself and your customers.

For any further questions about protecting your data and/or enabling MFA for Microsoft 365, please reach out to your Business Consultant at or Technical Support team at

Get a free assessment

Your custom cybersecurity check up identifies where you’re secure, and where you’re not. Fill out the information below to schedule a FREE network and cybersecurity consultation with one of our local IT Business Consultants. There are no obligations, and you will walk away with information on how you compare to today’s IT and cybersecurity best practices.