Office 365 and Azure Active Directory (Azure AD) customers were the targets of billions of phishing emails and brute force attacks successfully blocked last year by Microsoft, according to Microsoft’s Corporate Vice President for Security, Compliance, and Identity.

“From January 2021 through December 2021, we’ve blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365,” Microsoft said. Obviously Microsoft is a huge target for hackers and brute force attacks are expected to grow exponentially.

Additionally, the COVID-19 pandemic has changed the way people work forever, which has increased security risks for companies, many of which can be mitigated by using MFA to protect their employees’ accounts. MFA creates a practical problem for phishing actors, as stealing the account credentials is no longer enough for them to assume control of them.

Multi-factor authentication (MFA) and passwordless solutions can go a long way in preventing a variety of threats.

Based on Microsoft cybersecurity studies, your account is more than 99.9% less likely to be compromised if you use MFA. Multi-factor authentication and passwordless authentication make it a lot harder for threat actors to brute force their way into their targets’ Microsoft accounts.

Threat actors can easily gain access to systems and accounts not protected with MFA since passwords can be easily stolen or guessed using various techniques, including phishing, keylogging, network sniffing, social engineering, malware, brute-force attacks, and credential dumping.

A joint study by Google, New York University, and University of California San Diego also discovered that MFA can block up to 100% of automated bots, 99% of bulk phishing attacks, and approximately 66% of targeted attacks.

Recently, Microsoft warned of an active multi-stage phishing campaign that was blocked on networks where an MFA policy was enabled in Azure AD. Enabling multi-factor authentication  whenever possible makes it a lot harder or even impossible for attackers to pull off a successful attack and take control of your accounts. Yet, many businesses have yet to adopt these cybersecurity strategies.

We cannot stress enough the importance of MFA to securing your organization. We offer MFA to all our clients as a foundational piece of the cybersecurity puzzle.


ACE IT Solutions offers a comprehensive suite of customizable cybersecurity services, including MFA, to meet your organization’s specific risk profile and compliance needs.

We continually invest in evolving our information protection program, developing our people, processes, technology and systems to create best-in-class risk management services. Protecting your information requires a strong defense on all fronts: from setting a dynamic cybersecurity strategy to developing and implementing comprehensive controls and information security services.

Contact us at 646.558.5575 to learn more about how partnering with ACE IT Solutions can help control your technology costs and make your business more secure.

Learn more about protecting your Microsoft environment from cyber attacks here.

Get More Information

Use the form below to get more information about ACE IT Services and what we can do for you.

  • This field is for validation purposes and should be left unchanged.