Currently, my organization is storing Personally Identifiable Information (PII) using regular SMB file shares, where access permissions are set on a folder/file level for users who need them. My boss wants to implement two-factor authentication (2FA) for added security when accessing these files. I've researched options for using 2FA with SMB file shares, but there seems to be no viable solution that meets his requirement of having a 2FA prompt appear when opening the folder. We're planning to migrate to OneDrive and SharePoint this year, and I've found that SharePoint could potentially meet his requests regarding 2FA. Alternatively, Microsoft Defender for Cloud Apps might also be a possibility. Has anyone successfully set up PII access with 2FA for SMB or SharePoint? Any insights or tips would be greatly appreciated!
1 Answer
It sounds like you're looking for a document management system that deals with data classification effectively. If you’re in the Microsoft ecosystem, SharePoint combined with Purview might be the way to go. Your boss’s request for 2FA on a per-document basis is a bit unconventional, since MFA is typically used for user authentication rather than individual file access.
I agree, it looks like Microsoft Defender for Cloud Apps (MCAS) could be what you need. It lets you mark folder paths with sensitivity levels in SharePoint. Keeping everything in one storage system is a smart move, so avoiding separate document management tools makes sense. Good luck!