Let’s make one thing clear: every organization today should be using multi-factor authentication (MFA) wherever possible.
Even the strongest, most unique password is still just a single form of authentication standing between attackers and business-critical Software as a Service (SaaS) application data. Security measures like MFA can provide an important additional line of defense against adversaries, which is exactly why the U.S. Cybersecurity and Infrastructure Agency (CISA) recommends that MFA is enabled anytime that it’s available.