Press "Enter" to skip to content

Microsoft to Enforce Multi-Factor Authentication for All Accounts by Year-End

A study conducted by EasyDMARC shows that the adoption of DMARC security standards among .org email domains has doubled in the past year, rising from 3.98% to 7.78% between March 2023 and March 2024. While usage has increased, less than 10% of charity domains have implemented basic protections against phishing and spoofing. Although there has been progress in implementing stricter policies, such as rejection or quarantine, many domains lack essential monitoring and reporting tags. The rise in DMARC adoption may be driven by email authentication regulations rather than proactive cybersecurity measures.

Starting in July, Microsoft will enforce multi-factor authentication (MFA) for all users signing into Azure to administer resources. The MFA enforcement will also roll out for CLI, PowerShell, and Terraform. MFA offers significant protection against cyberattacks, with over 99.99% of MFA-enabled accounts resisting hacking attempts. Admins are urged to enable MFA in their tenants before the rollout and can monitor MFA registration using authentication methods, registration reports, and PowerShell scripts.

Zoom has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with Zoom Phone and Zoom Rooms to follow soon. The introduction of quantum-resistant encryption addresses the risk of future decryption attacks by advanced quantum computers, ensuring data security for users. Zoom joins other communication platforms in adopting quantum-resistant algorithms, demonstrating its commitment to leading in the field of secure video conferencing.

Why do we care?

Those EasyDMARC folks are leaning heavily into identifying where their solution is needed.   Charities, it seems.

Note it willl be July 2024 before MFA is mandatory for Azure administration.    It is a notable step forward, yet at the same time, it took far too long.   Of course, over the on encryption side, we’re outpacing computers we don’t even have yet.  

Now, making it practical – where should you spend your time?   The gap – MFA adoption should not be optional.  Period.    Combine that with good backups, patch management, and a recovery plan; you have the basics of cyber hygiene.   Be good at that.