ISO Position Paper

Position Title: Multifactor Authentication Requirement for Office 365

Position Audience: Princeton IT Professionals

Contact: Information Security Office: [email protected]

Position Release Date: November 2018

Problem Statement

Spammers continue to compromise credentials in order to leverage the University’s email
infrastructure to send large volumes of spam email. Measures were put in place on campus to
minimize this capability once an account is compromised. The migration of University email
services to Office 365 Exchange Online provides a new environment for spammers to attempt to
leverage for their use.

ISO Position

In order to minimize the capability of spammers to leverage compromised credentials in Office
365 Exchange Online, all access to email services must be multifactor protected.

Additional Information

Duo multifactor knowledge base article

Data classification: Public