ISO Position Paper
Position Title: Multifactor Authentication Requirement for Office 365
Position Audience: Princeton IT Professionals
Contact: Information Security Office: InfoSec@princeton.edu
Position Release Date: November 2018
Spammers continue to compromise credentials in order to leverage the University’s email
infrastructure to send large volumes of spam email. Measures were put in place on campus to
minimize this capability once an account is compromised. The migration of University email
services to Office 365 Exchange Online provides a new environment for spammers to attempt to
leverage for their use.
In order to minimize the capability of spammers to leverage compromised credentials in Office
365 Exchange Online, all access to email services must be multifactor protected.
Data classification: Public