When should we enable multi-factor authentication on Microsoft 365 email?

Updated

Enabling multi-factor authentication (MFA) on your Microsoft 365 email accounts means adding an extra step to the login process beyond just a password. This could be a code sent to a mobile phone or an app notification. It's a straightforward way to significantly reduce the risk of unauthorised access to your business email, which is often a prime target for cybercriminals.

Why this matters for UK SMEs

Email accounts hold sensitive information, including customer data, financial details, and internal communications. If a hacker gains access, it can lead to data breaches, loss of customer trust, and costly downtime. For UK businesses, this also raises compliance concerns under UK GDPR and the Data Protection Act 2018, which require reasonable security measures to protect personal data. Cyber Essentials certification, often a requirement for government contracts, specifically recommends MFA as a key control.

Without MFA, a stolen or guessed password can give attackers full access to your email and other connected Microsoft 365 services. This can result in phishing scams sent from your account, ransomware attacks, or theft of confidential data. For a small or medium-sized business, recovering from such incidents can be disruptive and expensive.

A typical scenario

Consider a UK business with around 50 employees using Microsoft 365 for email and document sharing. They rely heavily on email for customer communication and invoicing. One day, an employee's password is compromised through a phishing email. Because MFA was not enabled, the attacker logs in and sends fake invoices to customers requesting payment to a fraudulent bank account. The business only discovers the scam after customers report suspicious activity, leading to financial loss and reputational damage.

A proactive IT partner would have recommended enabling MFA as part of their security setup and helped the business roll it out smoothly. They would also assist with staff training to recognise phishing attempts and regularly review access controls and security policies.

Practical checklist for your business

  • Ask your IT provider: Do you enforce MFA on all Microsoft 365 accounts, especially those with admin rights?
  • Check your Microsoft 365 admin centre: Is MFA enabled for all users? If not, which accounts are exempt and why?
  • Review your password policies: Are strong, unique passwords mandatory alongside MFA?
  • Assess user access: Are there any shared or generic accounts without MFA?
  • Plan user onboarding: Is MFA part of the setup process for new employees?
  • Train your staff: Do employees understand how MFA works and why it's important?
  • Consider compliance: Does your security setup align with Cyber Essentials or ISO 27001 requirements?

Next steps

Implementing MFA on Microsoft 365 email is a vital step to protect your business from common cyber threats. It's a relatively simple measure that can prevent serious incidents and support compliance with UK data protection standards. Speak with a trusted managed IT provider or IT advisor who understands your business needs and can guide you through enabling MFA effectively, including staff training and ongoing support.

Tools & software for this topic

Not ready to change IT providers yet? These buying guides walk through tools your team can use to improve things on your own.

We may earn a small commission if you sign up with any of these tools and services, at no extra cost to you. We only feature tools that are appropriate for British businesses like yours.

Tools you can try right away

These tools line up with the topics in this guide and are commonly used by small and mid-sized businesses.

AvePoint Cloud Backup

Best for: Best for UK SMEs needing comprehensive Microsoft 365 backup with granular recovery

Reliable cloud backup for Microsoft 365 with flexible restore options

AvePoint Cloud Backup is commonly used to protect Microsoft 365 data including emails, files, and Teams. It offers flexible restore options and supports compliance with UK data protection standards. Many organisations use it to reduce risk and simplify data recovery.

View AvePoint Cloud Backup plans

Backupify (Datto)

Best for: Best for UK SMEs using Microsoft 365 that want reliable, automated backup with straightforward restore tools

Automated cloud backup for Microsoft 365 with easy recovery options

Backupify (Datto) is commonly used to protect Microsoft 365 data including emails, files, and calendars. It offers automated backups with simple recovery options, helping businesses reduce data loss risk and maintain productivity without complex setup.

View Backupify (Datto) plans

Barracuda Email Protection

Best for: Best for UK SMEs needing comprehensive email filtering with easy management

Protects business email from spam, phishing, and malware threats

Barracuda Email Protection is commonly used to secure business email by filtering spam, phishing, and malware. It offers straightforward administration and integrates well with Microsoft 365, helping reduce email-related risks and improve productivity.

View Barracuda Email Protection plans

CleanTalk

Best for: Best for UK SMEs seeking straightforward, low-maintenance spam and bot protection

Helps reduce spam and phishing risks with cloud-based email filtering

CleanTalk is a cloud-based email security tool commonly used to block spam and reduce phishing attempts. It offers simple integration and minimal ongoing management, making it suitable for small businesses with limited IT resources.

View CleanTalk plans

CloudAlly

Best for: Best for UK SMEs needing straightforward backup for Microsoft 365 and Google Workspace

Reliable cloud backup to protect Microsoft 365 and SaaS data

CloudAlly offers cloud-to-cloud backup for popular SaaS platforms like Microsoft 365 and Google Workspace. It is commonly used by SMEs to reduce data loss risk with automated daily backups and easy recovery options.

View CloudAlly plans

CubeBackup

Best for: Best for UK SMEs needing straightforward backup of Google Workspace or Microsoft 365 accounts

Reliable cloud backup for Google Workspace and Microsoft 365 data

CubeBackup is commonly used to back up Google Workspace and Microsoft 365 data, helping businesses protect emails, contacts, and files. It offers automated backups with easy restoration options, suitable for organisations wanting to reduce data loss risk without complex setup.

View CubeBackup plans

Need hands-on help?

If you’d rather have a provider handle this for you, here are firms that work on Microsoft 365 & Email in United Kingdom.

Top firms for Microsoft 365 & Email
Cloud10 IT & Cloud Services
Manchester, England

Overview

Cloud10 IT & Cloud Services is a managed IT services provider based in Manchester, England. They specialise in delivering reliable IT support tailored for small and medium-sized enterprises (SMEs), charities, and professional services. With a focus on fostering secure communication and efficient issue resolution, this IT support company plays a vital role in enhancing the operational integrity of their clients.

This MSP is dedicated to providing consistent and effective support that simplifies the IT experience for its clients. They ensure that technical issues are resolved swiftly and that there is ongoing communication throughout the process. By offering a range of services, Cloud10 helps organisations streamline their operations while maintaining compliance with regulations such as the UK GDPR and Cyber Essentials.

What clients say about this company

Feedback from clients highlights the exceptional level of support they receive from Cloud10. Many appreciate the ease of raising issues and the prompt response times that facilitate smooth resolutions. Clients often remark on how well the team communicates during troubleshooting, which builds trust and reassurance.

5.0★
Solid Rock IT UK
London, England

Overview

Solid Rock IT UK is a managed IT services provider based in London, England. They focus on delivering reliable IT support and tailored solutions for a range of clients, including small and medium-sized enterprises, charities, and educational institutions. With a commitment to security, this IT support company helps clients navigate their IT challenges efficiently.

This MSP specialises in various areas, including cybersecurity, network cabling, and WiFi solutions. They aim to ensure that clients maintain robust IT systems while offering clear communication and thorough follow-up for all services. Solid Rock IT UK places a strong emphasis on delivering personalised support to meet the unique needs of each customer.

What clients say about this company

Clients appreciate the consistent follow-up and clear communication provided by this company. Many have noted the professionalism of their engineers, who demonstrate expertise when addressing issues related to hardware upgrades and system setups at clients' locations.

The company's dedication to thoroughness and transparency has also garnered positive feedback. Clients feel reassured by Solid Rock IT UK's honest approach and their ability to resolve IT issues promptly, helping them achieve necessary cybersecurity certifications and improve their network setups.

4.9★
Optima Computers
London, England

Overview

Optima Computers is a managed IT services provider based in London, England. This IT support company focuses on offering reliable IT solutions to a variety of clients, including small and medium-sized enterprises, charities, and professional services. Their aim is to ensure technology functions smoothly, helping organisations maintain productivity and efficiency.

This MSP provides a range of services, including IT support, data recovery, and WiFi solutions. They are known for their commitment to customer satisfaction, providing clear communication and timely assistance. With a strong emphasis on reliability and transparency, this company tailors its services to meet the specific needs of their clients while adhering to relevant standards such as UK GDPR and Cyber Essentials.

What clients say about this company

Clients often appreciate the personal and attentive service provided by Optima Computers. Many highlight the reliability and speed of their IT support, mentioning prompt responses to issues and effective resolutions. Positive experiences include efficient repairs and transparency regarding costs and procedures.

The commitment to customer care is frequently noted, with clients expressing gratitude for the patience and professionalism of the staff. This managed IT services provider has built a reputation for being friendly and approachable, making the technology-related challenges easier to face for their clients.

4.9★
XPS Solutions Ltd
Hessle, England

Overview

XPS Solutions Ltd is a managed IT services provider based in Hessle, England. This IT support company focuses on delivering comprehensive IT solutions to small and medium-sized enterprises (SMEs), charities, and professional services across the UK. They aim to assist clients in improving their IT infrastructure and ensuring smooth operations.

This MSP offers a range of services, including IT support and WiFi management, tailored to meet the needs of their clients. Their commitment to effective communication, quick response times, and problem resolution underlines their reliability. By adhering to standards such as UK GDPR and Cyber Essentials, they ensure that their solutions are secure and compliant.

What clients say about this company

Clients appreciate the prompt and effective support provided by XPS Solutions Ltd. Many have praised the team's professionalism and their ability to resolve issues rapidly, demonstrating a strong commitment to customer satisfaction. Their staff are often described as helpful and knowledgeable.

Feedback highlights the company's emphasis on empathy and clear communication throughout the support process. Clients report feeling reassured by the team's dedication to solving problems efficiently and providing excellent service, which effectively reduces stress and builds confidence in their IT systems.

5.0★
Stephensons IT Support Solutions Ltd
Barnsley, England

Overview

Stephensons IT Support Solutions Ltd is a managed IT services provider based in Barnsley, England. This IT support company focuses on delivering reliable support for various technology needs, particularly for small and medium-sized enterprises (SMEs) and educational institutions. Their goal is to ensure clients have seamless access to technology and are equipped to handle any IT challenges.

This MSP offers a range of services, including IT support, hardware repair, and maintenance. They are known for their clear communication and transparent pricing, which help build trust with clients. With a focus on resolving issues quickly and efficiently, this provider supports clients in maintaining smooth operations and enhancing their overall tech experience.

What clients say about this company

Clients appreciate the professionalism and reliability of Stephensons IT Support Solutions Ltd. Many have noted the clear communication throughout their service experience, which contributes to a positive working relationship. Customers often describe the company as honest and straightforward, valuing the transparency in pricing and service timelines.

Feedback highlights the quick resolution of IT issues, with clients reporting satisfaction with the speed of service. Many users have recommended this IT support company for its competitive pricing and the quality of repairs. Overall, clients express confidence in the support provided, often returning for additional services when needed.

5.0★
Com Cubed Computers
Londonderry, Northern Ireland

Overview

Com Cubed Computers is a managed IT services provider based in Londonderry, Northern Ireland. They offer a range of IT support services, helping small to medium enterprises (SMEs), charities, and professional services to manage their technology needs effectively. This IT support company focuses on delivering reliable solutions, ensuring clients have the right tools and support for their operations.

This MSP assists clients with various services, including computer repairs, technical support, and system management. They are committed to transparency and organisation, providing clear communication throughout the service process. By aligning with standards such as UK GDPR and Cyber Essentials, they prioritise security and data protection for all their clients.

What clients say about this company

Clients appreciate the consistent communication and reliability offered by this managed IT services provider. They often highlight the efficiency of the repairs and services, such as replacing screens or removing batteries, praising the company's timely follow-up and dedication to making sure everything works well after a service.

Feedback reflects a strong appreciation for the honesty and transparency displayed by Com Cubed Computers. Customers frequently commend their fair pricing and the quality of documentation provided during the service process, reinforcing trust in their expertise and commitment to client satisfaction.

4.7★
See all Microsoft 365 & Email service companies
By city
London, England
View all
Manchester, England
View all
Bristol, England
View all
Norwich, England
View all
Southampton, England
View all
Cardiff, Wales
View all
Edinburgh, Scotland
View all
Glasgow, Scotland
View all

Related reading