This might seem stupid, I have recently started working for a new company as in house IT. They also have an MSP that's nearing the end of contract. I questioned about pushing out MFA for all 365 accounts as this was becoming manadatory. The feed back given is that MSP said this is not needed and that MFA is not being pushed out by Microsoft.....have i picked this up wrong? I'm sure I read that it was
It all depends on how you put across "becoming mandatory" & "pushed out by Microsoft" ?
Security features are always a "good to have" but never "forced upon" especially in western nations especially USA due to things like "freedom" & "democracy". Many have used terms like "communist" or "dictatorship" when nations like UK & Singapore began enforcing GPDR and PDPA to protect customer data which even China enforce (PIPL).
Then Microsoft does not pay your MSP or your IT staff ?? Your management do.....
If your CEO, CFO, CIO wants to review and implement 2FA or MFA, this can be like end of contract project or end of contract proposal ? The next MSP contract would be based on MFA proposal ??