The MSP’s Guide to Enhancing Client Security with Augmentt MFA

Why MFA Matters: Closing the Security Gap for MSPs

MFA is one of the most effective and simple ways to boost security. A 2023 study by Cornell University found that MFA can cut security risks by 99.2%. Yet, only 22% of Microsoft customers use MFA. This gap isn’t due to neglect but a lack of awareness.

For MSPs, managing MFA across many clients has been tough—until now. Augmentt MFA is a low-cost, easy-to-use tool that helps MSPs manage MFA across all clients. Here’s a guide for MSPs to use MFA effectively and show clients why it matters, with Augmentt MFA as the solution.

A Brief History of MFA Adoption

When Microsoft launched MFA, it was only for premium accounts. After making it free, MFA use rose from 1% to 2%. Still, many users resist it because they don’t like the extra login step. This is where MSPs come in. MSPs need to educate clients and give them tools like Augmentt MFA to make MFA easy and secure.

Ways to Enable MFA

MSPs should know the different MFA options and pick the best one for each client.

Good: Entra ID (Azure AD Per User)

Entra ID (formerly Azure AD) lets MSPs manage MFA for each user. But it’s manual and time-consuming. Microsoft is phasing out this method for easier, more scalable options.

Better: Security Defaults

Since 2019, Microsoft has made MFA automatic for new Microsoft 365 accounts. This helps, but it doesn’t work with older apps that don’t support MFA. MSPs must decide if enforcing security defaults is worth the potential disruption to these apps.

Best: Conditional Access Policies

Conditional access policies are the best way to manage MFA. They offer flexibility, letting MSPs set rules based on user roles, locations, and devices. This method also works with older apps and third-party MFA tools. Once set up, new users can be added easily, making this the most flexible option.

With Augmentt MFA, MSPs can manage these policies across multiple clients from a single dashboard, making the process simple and effective.

MFA Authentication Methods

MFA methods vary in strength. MSPs should guide clients toward stronger options when possible.

Good: SMS, Voice, and Email

These are the most common methods but are also the weakest. While better than no MFA, they are easy to hack. Still, they’re a good starting point.

Better: Authenticator Apps

Authenticator apps generate one-time passcodes (OTPs) that are much harder to hack. These apps are more secure and easy to use.

Best: Biometrics, U2F Tokens, and FIDO2 (WebAuthn)

Biometrics, hardware tokens, and FIDO2 are the strongest MFA methods. They offer the highest level of security by ensuring only the right person can log in.

How Augmentt MFA Solves MSP Challenges

Even though MFA is effective, MSPs have struggled to manage it across many clients. Configuring MFA manually, monitoring risky accounts, and fixing login issues can take a lot of time. Augmentt MFA solves these problems by providing:

MFA monitoring across all clients in one dashboard. You can quickly see which accounts have MFA enabled and which are at risk.
Easy MFA management for multiple clients. With one click, you can switch between clients, set up MFA, adjust settings, and fix issues.
Support for future changes as Microsoft phases out older methods. Augmentt MFA helps you migrate clients to modern authentication with ease.

Why MSPs Should Choose Augmentt MFA

Affordability and simplicity are the core of Augmentt MFA. We know MSPs need to deliver value while keeping costs low, so we made it an easy investment. It’s the perfect tool for MSPs looking to start offering security services for Microsoft environments.

But Augmentt MFA is more than just a tool. It’s a way for MSPs to grow their business. As you roll out MFA, you can offer more security services, like monitoring and alerting, making you the go-to expert for Microsoft security.

Author

Gavin Garbutt

Co-Founder & Chairman of Augmentt

FAQ

How hard is it to setup?

Using our GDAP tool & Magic Link, setting up is easy! You can integrate with your CSP partner portal in minutes

How do security baselines work?

Augmentt uses a combination of Microsoft Secure Score best practices as well as industry standards such as NIST & CIS. You can use the out of box templates to get started right away and even build your own custom templates to match your client requirements.

How many alerts will I receive:

Out of box, Augmentt comes pre-configured to not be noisy. Very few Microsoft alerts are critical in nature so you will be receiving tickets for account breaches and not minor user log related events. That said, everything is customizable and you can turn alerts on & off to match your clients’ needs.

Are reports always automated?

No. You can choose to schedule alerts to any stakeholder you want and at the frequency you want or manually download reports when you need them.

What if my tenants use different types of MFA / How does MFA work?

Regardless of how MFA is managed across your tenants, we have you covered. Augmentt supports Conditional Access Policies, Security Defaults, Entra ID per user (Legacy) MFA as well as 3rd party MFA services like DUO.

Do my tenants need premium Microsoft licensing?

No. You can use Augmentt to monitor and manage all clients regardless of their licensing. For environments with no premium licensing you can still provide alerts and monitoring for account breaches and configure security best practices. For environments with premium licensing, you can leverage Microsoft’s premium alerts and premium security configurations such as Conditional Access Policies.

How secure is the Augmentt platform?

Augmentt is one of the few vendors SOC 2 Type II, and GDPR compliant.

How is it licensed?

Site licenses to make sure you can deliver standardized service across all clients very affordably.

Login