Back

Multi-Factor Authentication for Office 365

Microsoft just recently announced the release of MultiFactor Authentication for Office 365 to midsize business enterprise plans academics nonprofi...

5 min read
Published on Feb 13, 2014
multi-factor-authentication-for-office-365

Microsoft just recently announced the release of Multi-Factor Authentication for Office 365 to midsize business, enterprise plans, academics, nonprofits, and standalone Office 365 plans to include Exchange Online and SharePoint Online. This release will allow those with these subscriptions to enable multi-factor authentication for their Office 365 users without additional costs, fees or subscriptions. Multi-Factor Authentication is powered by Windows Azure Multi-Factor Authentication and works directly with Office 365 applications and is managed by the Office 365 portal. Multi-Factor Authentication increases security for Cloud services beyond a single password. By adding this layer of security, users have to respond to or acknowledge a text, call, or other type of notification after entering their password. This layer of protection helps guard user accounts against password cracking and guessing attempts. If someone successfully manages to enter a correct password, they are still required to enter a second form of authentication in order to sign in. Administrators have been able to use the multi-factor authentication since June last year. App Passwords are a capability that has been available to admins since June as well and are part of the enhanced capabilities Microsoft is adding so users can authenticate their login from Office desktop apps. Users who are authenticating from federated on-premises directories are now enabled for multi-factor authentication as well. Security is always a concern with the growing number of threats by hackers, spyware, viruses, and other factors that can cripple a network or cause malicious damage to a user account, and is a large part of what drove the addition of multi-factor authentication to Office 365. Through this extra layer of authentication, Office 365 offers a robust security feature that is built in for all users plus some optional controls that enable customization of security preferences. Upon initial entering of an Office 365 password, a user will receive a phone call sent to their mobile phone which must be answered as it will provide additional login information in order to complete the login process. Users have the choice of using other verification options such as a text message for this secondary login information. Administrators can establish multi-factor authentication for users through the Office 365 admin center. Admins can go to the “users and groups” section on the left hand side of the admin center, select “active users”, and set multi-factor authentication requirements from there. After users have multi-factor authentication enabled on their account they will have to establish a second means of authenticating themselves the next time they login. Each login after that will require the method they select as the second layer of authentication. Options for the second layer of authentication include: Call my mobile phone, Text code to my mobile phone, Call my office phone, Notify me through app, and Show one-time code in app. The apps are available for smartphones and once users set that notification they will have to start the app and enter a six-digit code from the app into the portal. Once users are enrolled for this authentication they will have to set App Passwords in order to use the Outlook, Lync, Word, Excel, PowerPoint, and SkyDrive Pro apps, otherwise they will not be able to access them. App passwords are strong passwords instead of the second authentication layer and are generally 16 characters in length and are randomly created.  This additional layer of security may sound tedious but it provides peace of mind knowing the additional layer of security will protect against break-ins to their account. With the recent events such as the breach of a major retail store’s credit card information, one cannot be too protected against attacks. Future developments by Microsoft in multi-factor authentication include smart card certificates in which a user will have a physical card with an embedded smart chip used to authenticate a user by prompting for a PIN. Smart cards are used by the US government and are issued to all active duty soldiers, civilian workers, and contractors in order to gain access to government systems. Microsoft already has plans to work with the U.S. Department of Defense with the Common Access Cards already in place. The same principle will now apply to corporate and private industry. Though in its early stages of development by Microsoft, smart card certificates will be one of the first physical media users will have for authentication into their Office 365 accounts and should protect them as they would a credit card. PINs for smarts are typically 8 to 10 numbers; Microsoft may reduce or add the number of digits required for their smart cards upon release to users and administrators. Office 365 users will be able to use multi-factor authentication directly from Office 365 client applications as part of Microsoft’s next move in authentication. Microsoft plans to add native multi-factor authentication for Office 365 applications later this year. This will include current phone-based authentication and add capabilities to other forms of authentication such as third party multi-factor authentication.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

NIST 800 171 vs NIST 800 53

NSA Cybersecurity Collaboration: No-Cost Services Available to DoD Contractors

Learn how NSA cybersecurity collaboration provides no-cost services to DoD contractors, helping enhance security and compliance with advanced cyber protections.

Jan 10, 2025
6 min read
When is a New CMMC Assessment Needed

Understanding When and Why You Need a New CMMC Assessment

Learn when to schedule a new CMMC assessment, what triggers reassessments, and how changes in scope, contracts, or compliance impact your certification process.

Jan 6, 2025
9 min read
How Does VDI Solve the CUI and CMMC Conundrum?

How Does VDI Solve the CUI and CMMC Conundrum?

Explore how VDI for CUI helps businesses meet compliance requirements, ensuring secure data access while simplifying CMMC certification.

Dec 30, 2024
9 min read
Disaster Recovery Plan Enough

Is your disaster recovery plan enough?

Strengthen your Office 365 disaster recovery plan with granular backup, retention policies, and solutions to prevent data loss.

Dec 18, 2024
7 min read
Outlook Organization Tips

Outlook Organization Tips to Take Back Your Outlook Mailbox

Struggling with a cluttered Outlook mailbox? Discover quick and efficient organization tips to streamline your email management.

Dec 17, 2024
6 min read
Managing your Organization's Data-Backup on the Cloud

Managing your Organization's Data-Backup on the Cloud

Learn how to efficiently manage your organization's data backup on the cloud. Discover strategies for optimizing backup processes, reducing storage costs, and ensuring data availability and disaster recovery.

Dec 10, 2024
4 min read

Ready to Defend and Secure Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Defend. Secure. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Defend. Secure. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation