Microsoft says MFA adoption remains low, only 22% among enterprise customers

Despite years of promotional efforts to get users to enable stronger authentication mechanisms, Microsoft said this week that only 22% of all its Azure Active Directory (AD) customers used a multi-factor authentication solution to secure their accounts last year.

"The need to enforce MFA adoption or go passwordless cannot be overstated," the OS maker said in its inaugural Cyber Signals report earlier this week.

The company said that MFA is the simplest solution it can offer its customers to block brute-force attacks and email phishing attempts, all of which the company has seen record numbers last year.

"From January 2021 through December 2021, we've blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails," it said.

Microsoft has been trying to convince its users (and everyone else) about the benefits of enabling MFA for online accounts for quite a few years already.

In August 2019, the OS maker said that customers who enabled MFA for their Microsoft accounts ended up blocking 99.9% of all attacks.

A year later, speaking at the RSA 2020 security conference, Microsoft engineers also pointed out that 99.9% of all users who got their accounts compromised each month did not have MFA enabled.

However, despite repeated promotional efforts, from both Microsoft and many industry partners like Duo and Okta, the 22% figure still shows a slow adoption among the Azure AD customers, who are most likely to see attacks against their accounts in the first place.

Microsoft tracking 40 APTs, 140 other hacking groups

But Microsoft's inaugural Cyber Signals report, which the company said it plans to release each quarter, also addressed other facets of Microsoft's cybersecurity business.

One of the most important revelations is the fact that Microsoft's security teams currently have profiles and are tracking more than 40 state-sponsored hacking groups and more than 140 other threat actors.

For comparison, Google said last October that it was tracking more than 270 different government-backed threat actors active from inside 50+ countries.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles
Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.