It has been reported that although Multi-factor Authentication (MFA) has long beenĀ a standard security practice for guarding against account takeover it does have limitations. For example, as highlighted by The Hacker News, MFA solutions donāt offer protection to remote command line access tools like PsExec, Remote PowerShel. This means that even though a fully functioning MFA solution is in place, workstations and servers remain vulnerable to lateral movement, ransomware spread and other identity threats.
Also, it reports that MFA limitations in the on-prem environment could lead to cloud SaaS resourcesĀ being attacked. The advice is to regard MFA as a partial solution and to seek extra security measures.