Introducing Multi-Factor Authentication for Synthetics

Multi-Factor Authentication (MFA) provides an enhanced security mechanism for your entire organization by requiring multiple methods of authentication credentials. Using traditionally managed passwords for accessing your apps, services, and networks is no longer a secure methodology.

Indeed, cyber threats are on the rise. Hackers today employ sophisticated techniques such as spear-phishing or pharming to gain unauthorized access to corporate accounts.

In 2020, the number of identity theft cases in the US grew by 53% over the previous year. IT administrators have to deal with a nightmare when employees compromise their passwords and there is no MFA in place.

But here is the good news.

According to Microsoft, MFA can block over 99.9 percent of account compromise attacks. And therefore, at Exoprise, we are excited to announce that our synthetic sensors now support testing of MFA. You can do so using Time-based One-Time Password (TOTP) but more on that later.

What is Multi-Factor Authentication?

Multi-factor authentication establishes your identity by validating against two or more factors. That’s as simple as it gets.

If a hacker steals your password, they probably won’t be able to gain access to another authentication factor. As a result, MFA bolsters security with a new additional layer of protection on top of an existing login username and password credentials.

Let’s learn what these three knowledge factors are and how MFA works.

1. Something you know (password)
   1. Other factors can include
      1. PINs
      2. Security questions
      3. Passphrases

Unfortunately, this is something easy to decrypt by hackers who can access your public social media profile or buy credentials from the dark web.

2. Something you have (device)
   1. This factor refers to a physical object such as
      1. Key fobs
      2. Smart card
      3. Hard token
      4. USB
      5. Google or Microsoft authenticator app for TOTP
      6. A smartphone or mobile device that can receive SMS or a one-time passcode

3. Something you are (biometric verification)
   1. The third factor is unique to the individual, like
      1. Fingerprints
      2. Voice or facial recognition
      3. Eye scan

Implementing this factor requires hardware or new technology that users have access to.

Using a combination of these factors is undoubtedly a robust security solution. Stop bad actors from entering your corporate infrastructure and gaining unauthorized access to sensitive customer data.

However, while MFA provides enhanced security to your business apps, it also poses as a single point of failure. There have been several Microsoft 365 outages in the past. So, it’s worth monitoring your MFA infrastructure and informing customers when there are login problems.

Microsoft 365 MFA Outage Locks Users Out

On September 28th, 2021, Microsoft suffered a global outage that prevented customers from logging into their Microsoft 365 accounts. According to the Microsoft Tech support team, the investigation pointed out the root cause of an issue with Multi-Factor Authentication.

Almost three hours later, the Microsoft engineering team resolved the issue. Nevertheless, users were locked out for a considerable time, and the downtime impacted thousands of remote workers.

On October 19, 2019, a similar outage where Azure Active Directory (AAD) outage blocked customers from accessing Office 365 apps and services. Since Microsoft recommends that Office 365 tenants use MFA, ensure that your test accounts are also compliant. Be immediately aware when problems with Azure AD surface. When outages though happen, disable Azure MFA for affected user accounts and resume operations.

Learn how Exoprise proactively detects ALL of Microsoft 365 outages. We can help you pinpoint problems in the service delivery chain so your team can troubleshoot faster.

Multi-Factor Authentication Testing for Office 365 Synthetics

Exoprise CloudReady synthetic sensors now support testing of MFA by providing TOTP. Why is this helpful?

Over time, IT will have to comply with tenant-wide MFA mandates or test the availability of their MFA infrastructure. Interestingly, a Google search to secure Microsoft 365 will lead you to the first article where Microsoft recommends setting up multi-factor authentication.

To set up MFA for Exoprise Microsoft 365 sensors, you first need a TOTP key from the Azure AD server. Exoprise uses the TOTP code from multi-factor authenticator apps such as the ‘Microsoft Authenticator’ or ‘Google Authenticator’. Visit the Microsoft Azure Portal and complete the necessary MFA configuration steps for a specific user group or account.

After you have set up the MFA correctly and logged into Office.com, you will see the screen below. Scan the code or enter the “secret key” in the authenticator app (Google or Microsoft). Then you will see a TOTP_CODE. Enter the TOTP code to complete the setup of the Azure AD MFA wizard with Exoprise.

For comprehensive setup documentation, have a look at the step-by-step guide on help.exoprise.com.

Exoprise Microsoft Teams Sensor Setup for MFA

After you sign up for the Exoprise service, deploying the Teams Audio Video conference sensor for MFA is easy. Most of our sensors will display an optional “MFA TOTP Key” in the sensor wizard setup. Provide the key from the previous step and proceed with instructions. After the deployment, the Teams AV sensor can securely monitor the collaboration app performance and measure call quality metrics.

Please note that our existing customers will need to reconfigure their Teams sensors with the new MFA key in Exoprise.

Currently, we support MFA for the following Office 365 services:

1. Outlook Web Access or OWA
2. SharePoint
3. OneDrive
4. Web Login
5. Office 365 Portal
6. Yammer
7. Dynamics
8. Teams AV and messaging

There’s more. We Support MFA for Azure AD Federated Apps Too.

If your business uses Azure AD integrated with SSO and MFA, you can test MFA for applications federated with your Azure AD.

Exoprise offers a Web Login sensor which you can easily configure with the Azure MFA key in addition to providing other details. The sensor will redirect your tenant’s active directory identity solution to test MFA for the federated service.

Benefits of Multi-Factor Authentication to Your Organization

Using MFA is one of the most reliable ways to prevent identity thefts from happening. Here are five benefits of including MFA for your business.

• Increase Corporate Security
  • Businesses can achieve this by implementing an extra layer of authentication. That makes it more difficult for any intruder to access sensitive data and protected critical infrastructure. According to Verizon, 80 percent of data breaches happen due to password compromise.
• Achieve Regulatory Compliance
  • MFA can meet security requirements for certain industries that require specific compliance measures, such as HIPAA and GDPR. Similarly, several government institutions, banking, and finance sectors need stringent controls to mitigate risk and protect consumer rights.
• Improve User Productivity
  • Integrating MFA with Single Sign On (SSO) allows remote users to access corporate resources from any device. SSO streamlines the authentication process by not remembering multiple passwords for different applications. With SSO and MFA, you can quickly verify user identity and improve productivity.
• Easy to Implement
  • MFA is the least costly solution to implement from various online security solutions available in the market. Your business IT organization should support it in Microsoft Azure AD and make your environment intrusion-free for employees from different kinds of breaches.
• Suitable for Different Use Cases
  • We live in an era of work from anywhere and a hybrid work scenario. Employees use different devices, connect from unknown networks, and look for the best digital user experiences. Adaptive MFA can use contextual and behavioral data to detect new patterns and ask users to verify their identity.