For years, MFA has been considered the gold standard for account security. Microsoft even reports that MFA can block over 99% of identity attacks. Yet in 2025, breaches continue to rise, even at organizations that already have MFA enabled.
Why is MFA failing, and more importantly, what can MSPs do to fix it?
Until recently, many MSPs relied on Microsoft’s per-user (legacy) MFA model. While it was a step in the right direction, it came with major weaknesses:
Inconsistent Coverage – Users often slipped through without MFA enforced, creating gaps attackers could exploit.
Inflexibility – Legacy MFA applied the same rules to every user, regardless of role, location, or risk level.
User Pushback – Frequent prompts led to “MFA fatigue,” where end users approved malicious login attempts just to get back to work.
Deprecation – Microsoft is retiring per-user MFA in 2025, meaning MSPs must move to modern, policy-based authentication models.
Even when MFA is enabled, attackers have found ways around it:
Phishing MFA codes through fake login pages, including adversary-in-the-middle proxies that relay the one-time code (or the whole authenticated session) to the real sign-in page in real time.
Session hijacking, where a valid session token or cookie is stolen and replayed, so the attacker is never asked for a second factor at all.
Prompt bombing (push fatigue), flooding users with authentication requests until someone taps “approve.”
These tactics show that MFA alone is not enough. It needs to be configured, monitored, and enforced correctly: phishing-resistant methods (FIDO2 security keys or passkeys) defeat code phishing and adversary-in-the-middle capture, number matching on push prompts blunts prompt bombing, and short session lifetimes together with Conditional Access session and sign-in-risk controls limit what a stolen token is worth.
MSPs have a critical role to play in ensuring MFA actually protects client environments. Here’s how:
Adopt Modern Authentication Policies
Move away from legacy per-user MFA. Use Conditional Access (Entra ID P1 or higher) to enforce MFA based on location, device, and risk signals, and keep one emergency-access (“break glass”) account excluded and monitored so a misconfigured policy cannot lock every admin out. For tenants without a P1 licence, Security Defaults is the fallback baseline.
Standardize MFA Across Clients
Every tenant should have the same baseline MFA policy: all users, all cloud apps, MFA required. Gaps and exceptions create risk, so document every exclusion and review it on a schedule rather than letting it accumulate.
Monitor MFA Drift
Security policies change over time. MSPs need tooling that detects when MFA requirements are weakened or bypassed: a policy switched to report-only or disabled, users or groups quietly added to its exclusions, the grant control changed from “require MFA”, or new users who were never enrolled.
Educate Users
Train clients to recognize MFA phishing attempts and why approving unexpected requests is dangerous.
Use the Right Tools
Managing MFA across dozens of tenants manually is slow and error-prone. MSPs need a centralized way to enforce, monitor, and report on MFA adoption.
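The policy, standardisation and drift steps above can be expressed as one per-tenant check. The following is an added example written for this page, not Augmentt’s code and not a Microsoft script: it uses the Microsoft Graph PowerShell SDK to look for a baseline “require MFA for all users” Conditional Access policy, report every way it could have been weakened, and optionally create it when it is missing. The tenant ID, policy name and break-glass group ID are placeholders you must replace, and the assumption that exactly one emergency-access group is excluded is this example’s own convention.

```powershell
# Added example (not Augmentt's or Microsoft's code). Requires the Microsoft.Graph PowerShell SDK
# (Install-Module Microsoft.Graph) and a signed-in identity holding Policy.Read.All and
# Policy.ReadWrite.ConditionalAccess in the client tenant. Values in angle brackets are
# placeholder assumptions; replace them for each client.

param(
    [string]$TenantId          = "<client-tenant-id>",
    [string]$BaselineName      = "Baseline - Require MFA for all users",
    [string]$BreakGlassGroupId = "<break-glass-group-object-id>",  # the only exclusion we allow
    [switch]$Remediate                                               # create the policy if missing
)

Connect-MgGraph -TenantId $TenantId -Scopes "Policy.Read.All","Policy.ReadWrite.ConditionalAccess"

# The baseline every tenant should carry: all users, all cloud apps, grant = MFA,
# with only the emergency-access group excluded.
$desired = @{
    displayName = $BaselineName
    state       = "enabled"
    conditions  = @{
        users          = @{ includeUsers = @("All"); excludeGroups = @($BreakGlassGroupId) }
        applications   = @{ includeApplications = @("All") }
        clientAppTypes = @("all")
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}

$policy = Get-MgIdentityConditionalAccessPolicy -All |
          Where-Object { $_.DisplayName -eq $BaselineName }

$drift = New-Object System.Collections.Generic.List[string]

if (-not $policy) {
    $drift.Add("baseline policy is missing")
    if ($Remediate) {
        New-MgIdentityConditionalAccessPolicy -BodyParameter $desired | Out-Null
        $drift.Add("created baseline policy")
    }
}
else {
    # Each check is one way an admin (or an attacker holding admin rights) can weaken MFA
    # without deleting the policy, so "the policy exists" is not a sufficient check.
    if ($policy.State -ne "enabled") {
        $drift.Add("state is '$($policy.State)' (report-only or disabled)")
    }
    if ($policy.Conditions.Users.IncludeUsers -notcontains "All") {
        $drift.Add("no longer targets all users")
    }
    if ($policy.Conditions.Applications.IncludeApplications -notcontains "All") {
        $drift.Add("no longer targets all cloud apps")
    }
    if ($policy.GrantControls.BuiltInControls -notcontains "mfa") {
        $drift.Add("grant control no longer requires MFA")
    }
    # Any exclusion beyond the single break-glass group is treated as drift.
    $extraGroups = @($policy.Conditions.Users.ExcludeGroups |
                     Where-Object { $_ -and ($_ -ne $BreakGlassGroupId) })
    $extraUsers  = @($policy.Conditions.Users.ExcludeUsers | Where-Object { $_ })
    if ($extraGroups.Count -gt 0 -or $extraUsers.Count -gt 0) {
        $drift.Add("unexpected exclusions: users=[$($extraUsers -join ',')] groups=[$($extraGroups -join ',')]")
    }
}

# One row per tenant; collect these across clients for a cross-tenant drift report.
[pscustomobject]@{
    Tenant    = $TenantId
    Policy    = $BaselineName
    Compliant = ($drift.Count -eq 0)
    Findings  = ($drift -join "; ")
}
```

Run it once per client tenant (for example from a loop over your tenant list with `-Remediate` only after the findings have been reviewed) and keep the output rows; a tenant whose row changes from compliant to non-compliant between runs is exactly the drift the section above describes. Conditional Access is not available in tenants without an Entra ID P1 licence, so for those the equivalent check is whether Security Defaults is still enforced rather than whether this policy exists.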
Augmentt MFA was purpose-built for MSPs. It enables you to:
Break into Microsoft 365 security services with ease by offering MFA as a powerful first step.
Monitor and manage MFA configurations across multiple clients from a single console.
Detect policy drift and missed enforcement before attackers do.
Generate clear client reports that build trust and demonstrate the value of your security services.
MFA remains one of the most effective defenses against account compromise, but only when it is managed properly. With legacy MFA going away, now is the time for MSPs to take control.
With Augmentt MFA, you can standardize, monitor, and prove MFA adoption across all your clients, protecting them from today’s most common attacks and giving your business a new revenue-generating security service.
Augmentt is a centralized SaaS security platform built for MSPs to deliver scalable managed security services for Microsoft and cloud apps. Our multi-tenant platform gives you visibility across all your end-users to easily audit, protect and detect security threats for a holistic approach to cyber security.