My company would like to get their stuff secure with MFA. Well, not everything, but at least they want to secure the remote access VPN and our O365 accounts. So, that's a plus.

Let me give a bit of background on where we are. Our AD is on-prem and is synced to Office 365, where we use Exchange Online for email. We also use stuff like SharePoint, OneDrive, Skype for Business, and Teams. Part A of all this means we would like to secure those accounts with MFA.

On top of that, we use Sophos XG firewalls for remote access VPN. We would like to secure that with MFA.

Now comes the question. I've looked into a few things and it looks like Duo would fit our needs. However... the owner of the company read one article regarding the Google Titan Security Key and thinks we should go that way. From what I have read, the Titan is just like any other hardware security key (like YubiKey). There is one thing I seem to be unclear on.

I have found some sources that say O365 can use a hardware token. I have found some sources that say O365 cannot use a hardware token. Does anyone know for sure?

I believe that Sophos can use a hardware token, and I can find out with a call to the support desk.

My main question would be on management. If I get 100 people hardware tokens, how do I manage all of them? For O365, do I need to turn on and subscribe to Microsoft's MFA? Is that where I manage them?

Or do these just all get sent to the wild with the best of luck attached to them?

