Security News > 2020 > March > Enable that MF-ing MFA: 1.2 million Azure Active Directory accounts compromised every month, reckons Microsoft
Microsoft reckons 0.5 per cent of Azure Active Directory accounts as used by Office 365 are compromised every month.
"About a half of a per cent of the enterprise accounts on our system will be compromised every month, which is a really high number. If you have an organisation of 10,000 users, 50 will be compromised each month," said Weinert.
According to Weinert and Walker, who showed live monitoring graphs, Microsoft receives 1.5 million attempted legacy authentication logins every day, which are now blocked.
At RSA, Microsoft showed tools for disabling legacy authentication and enforcing MFA in Azure AD. The key settings are in the Conditional Access section of Azure AD, where you can set policies.
From October 2020, Microsoft is disabling legacy authentication in Exchange, which will also break some applications, but may also give organisations a nudge towards MFA. The bottom line is that any organisation tolerating an account compromise rate of 0.5 per cent a month or more is a long way from where it should be regarding security.
News URL
Related news
- Microsoft Entra "security defaults" to make MFA setup mandatory (source)
- Microsoft warns Azure Virtual Desktop users of black screen issues (source)
- Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)