The world of ICT every day suffers from attacks on information, because of this, the levels of information protection security must be increased. It should be noted that information is a high-value asset in organizations.
The antecedent that originates the need for these directives is the exposure that user IDs had, because sometimes they did not have completely secure passwords, as a consequence these accounts were exposed to brute force attacks by cyber attackers who used automated tools that allowed to decipher passwords.
In response to this situation, Microsoft launches MFA and Modern Authentication policies. What does it mean to have these policies enabled in our environment?
To respond to this concern, the first thing to know is what these policies are, in this regard Microsoft defines them as follows:
"Multi-factor authentication (MFA) adds a layer of protection to the login process. When an account or app is accessed, users must go through additional identity verification; For example, they have to scan your fingerprint or specify a code they receive in their device."
With respect to modern authentication Microsoft indicates "Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, laptop or phone) and a server, as well as some security measures that depend on access policies that you may already know."
By having these policies activated in our Microsoft 365 portal, it guarantees us that our users will not suffer impersonation attacks and that our information will be protected.
Edwin Vásquez Aragon
Cybersecurity Engineer
EN 
ES