Sponsored content contributed by AOC Business Partner: Covenant Technology Solutions
Most county incidents start the same way: a login that shouldn’t have worked. Multi-factor authentication (MFA) is essential—but it’s no longer the finish line. Counties can reduce account takeover risk significantly by adding a few practical identity controls that fit real-world staffing and budgets.
Here are five high-impact improvements to layer on top of MFA:
1) Conditional access (smart sign-in rules)
Block or challenge sign-ins from risky locations, unknown devices, or impossible travel.
2) Least privilege (limit admin power)
Make sure admin access is rare, time-bound, and tied to role—not convenience.
3) Separate admin accounts (no daily work as admin)
Administrators should have a dedicated admin account, not “one account that does everything.”
4) Reduce legacy authentication
Disable older login methods that bypass modern protections.
5) Monitor risky sign-ins + create a simple response routine
Set a cadence to review risky sign-ins and respond quickly (reset credentials, remove access, verify device health).
Quick win: run a 30-minute review of “Who has admin access today?” and remove anything that doesn’t match current responsibilities.
Want a structured way to implement these controls over time? Explore Fortify or start with a Security Score Assessment to baseline your current exposure.
Want to go deeper? Read the full guide at https://covenant-tech.net/blog/identity-controls-county-government-microsoft-365/