[Reading time: 17 seconds]

If you don’t want to listen to me, listen to Microsoft.

“We observe 50 million password attacks daily, yet only 30% of global admins are using strong authentications such as multi-factor authentication (MFA) [as of August 2021].”

Attackers who get control of privileged accounts can do tremendous damage, so it’s critical to protect these accounts.

Enable and require MFA for all administrators in your organization.

It’s critical.”


What’s my point?

Don’t worry about sophisticated attacks by James Bond.

Worry about unsophisticated attacks by Jim the Burglar, who only needs a password to gain full and unlimited access to the majority of Microsoft 365 environments.


PS If you want to check this (and about 67 other security settings) on your Microsoft 365 environment, I can help. Find out more here.