MFA Implementation: A Step-by-Step Plan for the Whole Organisation
June 23, 2025 · 10 min read · System Networks
According to Microsoft, MFA prevents 99.9% of attacks using compromised passwords. It is the cheapest and most effective technical security measure per ruble spent. Yet 60% of Russian companies have still not deployed MFA — mainly out of fear of disrupting user workflows.
MFA Types: What to Choose
- TOTP app (Google Authenticator, Yandex Key): Recommended
- Push notification (Duo, Microsoft Authenticator): Recommended
- SMS OTP
- Hardware token (YubiKey, Rutoken)
4-Phase Rollout Plan
Weeks 1–2: Inventory
- List all services with authentication
- Categorise: critical (VPN, email, AD) vs secondary
- Choose MFA solution
Weeks 3–4: Pilot (IT team)
- Enable MFA for IT department and admins
- Test device loss and recovery scenarios
- Write user guide
Month 2: Critical systems
- VPN, corporate email, Active Directory
- Mandatory for all privileged access holders
- Configure backup codes for each user
Month 3: Full coverage
- All remaining employees and services
- Enable Conditional Access enforcement
- Monitor: alert if user authenticates without MFA
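One way to implement the Month 3 monitoring step, as an added example that is not part of the original article: it scans sign-in events for successful logins without a second factor and grades each one by the Weeks 1–2 service categories and the rollout dates. The log schema, service names, user names and enforcement dates are constructed assumptions.

```python
import json
from datetime import date

# Constructed inventory (assumption): service -> (category, first day MFA is mandatory).
INVENTORY = {
    "vpn": ("critical", date(2025, 8, 1)),
    "email": ("critical", date(2025, 8, 1)),
    "wiki": ("secondary", date(2025, 9, 1)),
}
PRIVILEGED_FROM = date(2025, 8, 1)  # assumption: privileged users join the critical phase

# Constructed sign-in events, one JSON object per line (hypothetical schema).
SAMPLE_LOG = """\
{"ts": "2025-08-04T08:01:12", "user": "a.ivanov", "service": "vpn", "result": "success", "mfa": "totp"}
{"ts": "2025-08-04T08:03:40", "user": "p.sidorov", "service": "vpn", "result": "success", "mfa": null}
{"ts": "2025-08-04T09:15:02", "user": "m.petrova", "service": "wiki", "result": "success", "mfa": null}
{"ts": "2025-08-04T09:20:31", "user": "adm.orlov", "service": "wiki", "result": "success", "mfa": null, "privileged": true}
{"ts": "2025-08-04T09:41:07", "user": "p.sidorov", "service": "email", "result": "failure", "mfa": null}
{"ts": "2025-08-04T10:02:55", "user": "k.smirnov", "service": "crm", "result": "success", "mfa": null}
{"ts": "2025-09-02T08:11:19", "user": "m.petrova", "service": "wiki", "result": "success", "mfa": null}
truncated line {"ts":
"""

def find_mfa_gaps(log_text, inventory=INVENTORY):
    """Return one alert per successful sign-in that had no second factor."""
    alerts = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
            day = date.fromisoformat(ev["ts"][:10])
        except (ValueError, KeyError, TypeError):
            alerts.append({"line": line_no, "severity": "parse_error"})
            continue
        if ev.get("result") != "success" or ev.get("mfa"):
            continue  # failed attempts and MFA-backed sign-ins are not gaps
        category, start = inventory.get(ev.get("service"), ("unknown", None))
        if ev.get("privileged"):
            start = min(start or PRIVILEGED_FROM, PRIVILEGED_FROM)
        if start is None:
            severity = "review"  # service missing from the inventory
        elif day < start:
            severity = "info"  # rollout has not reached this login yet
        else:
            severity = "high" if category == "critical" or ev.get("privileged") else "medium"
        alerts.append({"line": line_no, "user": ev.get("user"),
                       "service": ev.get("service"), "severity": severity})
    return alerts
```

Unparseable lines are reported rather than skipped, so a broken log feed does not silently hide sign-ins, and a service absent from the inventory is raised for review as a gap in the Weeks 1–2 list.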