Alice Chambers
Research by Microsoft shows that multifactor authentication (MFA) can block over 99.2 per cent of account compromise attacks. This statistic alone was enough for Microsoft to encourage secure-by-default practices with its customers by implementing an MFA mandate for all Microsoft Azure sign-in attempts. However, organisations are struggling to meet these requirements.
“There are a whole host of challenges that hinder security,” says Derek Hanson, vice president of standards and alliances at Yubico, a provider of hardware authentication security keys that integrates its tools with Microsoft Entra ID and Microsoft 365 to help customers with their zero-trust strategies. “Many businesses expose themselves to risks by relying on traditional usernames and passwords and legacy MFA tools, which are vulnerable to phishing and credential theft. Others struggle with the complexities of managing password policies, leading to frequent password resets and user frustration.”
Microsoft now requires MFA for all users signing into the Azure portal, and the Microsoft Entra and Intune admin centres. The mandate was enforced in October 2024, and the same requirement followed for the Microsoft 365 admin centre in February 2025. A second phase of MFA mandates will roll out later in 2025, extending MFA enforcement to Azure mobile applications, Command-Line Interface and PowerShell.
“This decision is driven by the goal to significantly reduce account takeover threats and enhance security,” explains Hanson. “By mandating that Azure users employ some form of MFA, Microsoft aims to protect user accounts from unauthorised access and reduce the risk of security breaches.”
Yubico is helping businesses achieve their authentication goals through its hardware security keys, called YubiKeys. They stop account takeovers, reduce security breaches, improve user productivity and provide a smoother transition to passwordless authentication.
“By adopting YubiKeys, organisations across various industries have significantly enhanced their security posture through the gold standard for phishing-resistant authentication and streamlined user experiences,” says Hanson. “The seamless integration of YubiKeys has enabled thousands of satisfied customers to implement strong, hardware-based MFA across their IT infrastructure and create phishing-resistant users to become truly phishing-resistant enterprises.
“It’s also become clear that organisations must go beyond only addressing moments of authentication – they need to focus on building phishing-resistant users. Fostering phishing-resistant users is not just a reactive measure, but a proactive enterprise strategy aimed at removing the risk of phishing by eliminating all phishable events from the entire user lifecycle – thus ensuring even the least security conscious users are protected in their day-to-day activities. Yubico is committed to helping organisations create phishing-resistant users for their entire employee account lifecycle, by empowering enterprise security and bolstering protection against account takeovers through easily deploying the highest-assurance modern hardware security keys – in turn enabling passwordless authentication at scale.”
Passwordless authentication – part of the MFA process – is crucial for protection against cyberthreats and aligns with Microsoft’s vision for secure and efficient access management.
“Microsoft emphasises securing identities as the foundation of a zero-trust strategy,” says Hanson. “Passwordless authentication strengthens this perimeter by ensuring that only legitimate users can access resources without the need to manage complex passwords. By eliminating passwords, organisations reduce their attack surface, making it harder for attackers to gain unauthorised access.”
Yubico’s security solutions integrate with Microsoft environments to provide passwordless MFA. They include the Yubico Enrollment Suite, which is made up of two primary solutions: Yubico FIDO Pre-reg and YubiEnroll.
“Yubico FIDO Pre-reg offers a turnkey service that delivers pre-enrolled YubiKeys directly to users, whether they are in corporate offices or remote locations,” says Hanson. “Meanwhile, YubiEnroll provides a versatile client application that allows IT administrators to enrol YubiKeys on behalf of users. The Microsoft compatibility of these solutions allows enterprises to implement strong security measures consistently. By adopting Yubico’s technology, business decision-makers can significantly enhance their organisation’s security posture, ensuring both protection and operational resilience in the face of evolving cyberthreats.”
With the MFA mandate set to take full effect by mid-2025, Yubico will continue its partnership with Microsoft, collaborating with joint customers on their zero-trust journey.
“By working closely with Microsoft, we ensure that our products are fully compatible with Azure, Entra ID, Microsoft 365 and other critical services,” says Hanson. “This integration is crucial for organisations aiming to adopt a zero-trust architecture, as it provides strong, phishing-resistant authentication that is essential for verifying user identities before granting access. Our goal is to empower enterprises to operate as phishing-resistant organisations while confidently navigating the evolving cybersecurity landscape, leveraging the strength of our partnership with Microsoft and our commitment to zero-trust principles.”
Discover more insights like this in the Spring 2025 issue of Technology Record.