Securing Azure AD users with multi-factor authentication (MFA)
If we look at the threat landscape against user identities today, there are only a few types of attacks where having a complex password can help. Complex passwords could provide some mitigation against threats such as password spray and brute-force attacks, but they offer no mitigation against other prominent identity threats such as credential stuffing, breach replay, phishing, database extraction, and malware sniffing. Why? Because in all those cases, the password is already exposed! For example, in the case of a successful phishing attack, the attacker already has the password! This is why MFA is critical to identity security. Luckily for us, Azure AD comes with native MFA capabilities that are easy to implement.
Azure AD MFA enables users to validate their identities using an additional form of authentication (beyond username and password) during sign-in. When implemented, users have the option of validating their identities...