Date: 2017-07-10

These days, when you make applications and services available from external locations, security is always (or should be) top of mind for IT admins. They need to make sure that no one from an external location can easily break into their applications. To achieve front-end security, one of the practices we normally carry out is to protect systems with multi-factor authentication. This gives any potential hacker an incredibly tough time, even if they manage to guess or brute-force a user’s insecure password.

That said, how many companies protect Office 365 only with single-factor authentication? I am going to bet an extremely large section of the customer base. Why? Some organisations have multi-factor authentication for NetScaler, but only single-factor authentication for Office 365. That is like placing a NetScaler on the internet with only LDAP authentication; it’s frowned upon. For some reason, however, Office 365 seems exempt from the same scrutiny. If someone manages to break into an Office 365 Global Administrator account that is protected only with single-factor authentication, then you are in big trouble. What happens when a confidential mailbox (something with customers’ personal and sensitive company information) is breached?

All it takes is one insecure computer with a keylogger on it: an unsuspecting end user logs on to Office 365 from their home computer to read their emails before bed (I know, we all do it, right?), and little do they know they have just handed the keys over to the hacker. Even a simple phishing attack is enough to compromise mailboxes that are protected only with single-factor authentication.

