We recently helped a Dunedin business handle a compromised email account after a user clicked a phishing link. We secured the account and reset the password quickly, but the real question was: How did this happen if the company uses MFA?
During our investigation, we found the loophole. The client handles their own new user setups in Microsoft 365, but they were relying on the older, manual method of turning on MFA. For this one new employee, that checkbox accidentally got missed.
The Fix
We switched their tenant over to Azure-enforced MFA. Now, anytime they add a new team member to their operations, the system forces MFA to be configured on day one. No manual toggles, no human error, no loopholes.
If your business creates its own user accounts, make sure your security is automated, not manual.
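One way to check for the same gap in your own tenant is to list enabled member accounts that have no MFA method registered, newest accounts first. This is an added example, not Decision1's own tooling or part of the original post; it assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in admin can consent to the AuditLog.Read.All and User.Read.All scopes, and that the tenant's licence includes the authentication methods registration report.

```powershell
# Added example: find enabled member accounts with no MFA method registered.
# Assumes the Microsoft Graph PowerShell SDK modules are installed:
#   Microsoft.Graph.Authentication, Microsoft.Graph.Users, Microsoft.Graph.Reports
Connect-MgGraph -Scopes 'AuditLog.Read.All', 'User.Read.All' -NoWelcome

# Index creation date and enabled state by object id, so new accounts stand out.
$users = @{}
Get-MgUser -All -Property Id, CreatedDateTime, AccountEnabled |
    ForEach-Object { $users[$_.Id] = $_ }

# Per-user registration state from the authentication methods report.
$gaps = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    Where-Object { $_.UserType -eq 'member' -and -not $_.IsMfaRegistered } |
    ForEach-Object {
        $u = $users[$_.Id]
        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            Created           = $u.CreatedDateTime
            AccountEnabled    = $u.AccountEnabled
            IsAdmin           = $_.IsAdmin
            MethodsRegistered = ($_.MethodsRegistered -join ',')
        }
    } |
    Where-Object AccountEnabled |            # skip disabled and unmatched accounts
    Sort-Object Created -Descending          # most recently created first

$gaps | Format-Table -AutoSize

# A warning line gives a scheduled run something to alert on.
if ($gaps) {
    Write-Warning "$(@($gaps).Count) enabled member account(s) have no MFA method registered."
}
```

The report shows whether a user has registered an MFA method, not whether a policy requires it at sign-in, so an empty result complements tenant-wide enforcement rather than replacing it.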
At Decision1, we help organisations secure their Microsoft 365 environments and automate user onboarding. If you'd like a review of your M365 setup, we can help. Contact us today.
