on (Azure Active Directory) for all cloud services (such as Exchange Online, Teams, SharePoint, etc.). An interesting and challenging project, in which a few hurdles had to be overcome.
Multi-factor authentication, or MFA for short, is a procedure for secure access to the company network in which the user has to authenticate himself with additional information besides his name and password. This is usually the cell phone number, explains project manager Moritz.
One of our customers, a large pharmaceutical company, wanted to switch from its on-demand MFA solution to a universal MFA solution in Azure. The reasons: on the one hand, cost savings, because MFA is part of the company's own Azure licenses anyway and thus no additional system needs to be financed; on the other hand, reduction of complexity, because in this way authentication and MFA components are brought together in one “world”.
We were tasked with the enterprise-wide implementation and deployment of Azure MFA. This covered the full range: design, configuration, technical concept, methods, administration and user documentation for all relevant operating systems including mobile platforms, instructing the service desk on troubleshooting and solutions, and communication and coordination of the enrollment. Each user then had to set up MFA for themselves.
Course of the project
The whole thing was carried out for 100,000 users on all continents, while operations continued as usual. The project took about a year and resulted in an 80% enrollment rate. A great success. The hardest part, says Moritz, was raising awareness among the employees. Those who were already using the on-premises version saw no reason to switch to Azure, and the others who weren't using multi-factor authentication saw no benefit in the increased security measures. Our team first had to understand exactly how people worked. Our approach was to get contacts in each country to push the issue with us, so that there were no language or cultural hurdles.
We had expected resistance beforehand, Moritz says, but not the other challenges: Microsoft changed processes 2-3 times during this period, so we had to start from scratch each time.
Technically, the challenge was to cover all areas, because there is, of course, no 1:1 transfer of functionality from the on-premises system. We also had to define the exceptions, whose number had to be kept as low as possible. A piece of cake compared to the effort of bringing people along. In the end, the ratio of technical work to communication was 30 to 70%.
The project shows the importance of multi-factor authentication. This is also true for small companies, which might be afraid of the costs. Our recommendation: There are various systems, even inexpensive ones, that all include the basic functions. The minimum is securing administrative and privileged accounts. Those who do not have the IT expertise should call in a service provider. In any case, it is essential to keep sensitizing employees to the dangers of security leaks and hacker attacks.