Do you know who is trying to log in to your Microsoft accounts? Here at Woodard, we do. Over the past 6 days alone, we have had attempts from Poland, Belgium, Vietnam, Brazil and Singapore.
Joe Woodard and our internal IT manager get notices from Microsoft about risky log-ins or impossible travel events from users on our Microsoft account. Most of these are caused by bots or automatic scanning programs that are trying to gain access to our Exchange Email or Microsoft account. These programs will find a good email address and then try multiple times to guess the password or until Microsoft locks them out of the account.
On rare occasions, these programs can find a username and password match.
At Woodard, our accounts are protected with the multi-factor authentication (MFA) option. MFA means that additional information must be provided to complete access. Without MFA protection, these bots or scanning programs can gain full access to your Microsoft account.
If you have enabled MFA and you receive a prompt to authenticate a login on your account that you did not request, ALWAYS reject it. You should also notify your IT support of what has happened.
If you have not enabled MFA on your Microsoft account(s) for your team, your global admin can follow these steps:
1. Open the Microsoft Admin center at https://admin.microsoft.com
2. On the left menu, click "Users" then "Active Users"
3. Click "Multi-factor authentication" on the top menu
4. Select the user(s) who need MFA
5. Click "Enable" on the right
6. Click "Enable multi-factor auth"
Note: Read the message about users who do not regularly sign in through the browser and send them a link to register for MFA.
Attempts to access businesses systems and accounts happen daily and will continue to happen daily. Install multi-factor authentication and be vigilant!
For more detailed information, you can read Microsoft's guide for deploying MFA in your organization.