Back

Multi-Factor Authentication for Office 365

Microsoft just recently announced the release of MultiFactor Authentication for Office 365 to midsize business enterprise plans academics nonprofi...

5 min read
Published on Feb 13, 2014
Multi-Factor Authentication for Office 365

Microsoft just recently announced the release of Multi-Factor Authentication for Office 365 to midsize business, enterprise plans, academics, nonprofits, and standalone Office 365 plans to include Exchange Online and SharePoint Online. This release will allow those with these subscriptions to enable multi-factor authentication for their Office 365 users without additional costs, fees or subscriptions. Multi-Factor Authentication is powered by Windows Azure Multi-Factor Authentication and works directly with Office 365 applications and is managed by the Office 365 portal. Multi-Factor Authentication increases security for Cloud services beyond a single password. By adding this layer of security, users have to respond to or acknowledge a text, call, or other type of notification after entering their password. This layer of protection helps guard user accounts against password cracking and guessing attempts. If someone successfully manages to enter a correct password, they are still required to enter a second form of authentication in order to sign in. Administrators have been able to use the multi-factor authentication since June last year. App Passwords are a capability that has been available to admins since June as well and are part of the enhanced capabilities Microsoft is adding so users can authenticate their login from Office desktop apps. Users who are authenticating from federated on-premises directories are now enabled for multi-factor authentication as well. Security is always a concern with the growing number of threats by hackers, spyware, viruses, and other factors that can cripple a network or cause malicious damage to a user account, and is a large part of what drove the addition of multi-factor authentication to Office 365. Through this extra layer of authentication, Office 365 offers a robust security feature that is built in for all users plus some optional controls that enable customization of security preferences. Upon initial entering of an Office 365 password, a user will receive a phone call sent to their mobile phone which must be answered as it will provide additional login information in order to complete the login process. Users have the choice of using other verification options such as a text message for this secondary login information. Administrators can establish multi-factor authentication for users through the Office 365 admin center. Admins can go to the “users and groups” section on the left hand side of the admin center, select “active users”, and set multi-factor authentication requirements from there. After users have multi-factor authentication enabled on their account they will have to establish a second means of authenticating themselves the next time they login. Each login after that will require the method they select as the second layer of authentication. Options for the second layer of authentication include: Call my mobile phone, Text code to my mobile phone, Call my office phone, Notify me through app, and Show one-time code in app. The apps are available for smartphones and once users set that notification they will have to start the app and enter a six-digit code from the app into the portal. Once users are enrolled for this authentication they will have to set App Passwords in order to use the Outlook, Lync, Word, Excel, PowerPoint, and SkyDrive Pro apps, otherwise they will not be able to access them. App passwords are strong passwords instead of the second authentication layer and are generally 16 characters in length and are randomly created.  This additional layer of security may sound tedious but it provides peace of mind knowing the additional layer of security will protect against break-ins to their account. With the recent events such as the breach of a major retail store’s credit card information, one cannot be too protected against attacks. Future developments by Microsoft in multi-factor authentication include smart card certificates in which a user will have a physical card with an embedded smart chip used to authenticate a user by prompting for a PIN. Smart cards are used by the US government and are issued to all active duty soldiers, civilian workers, and contractors in order to gain access to government systems. Microsoft already has plans to work with the U.S. Department of Defense with the Common Access Cards already in place. The same principle will now apply to corporate and private industry. Though in its early stages of development by Microsoft, smart card certificates will be one of the first physical media users will have for authentication into their Office 365 accounts and should protect them as they would a credit card. PINs for smarts are typically 8 to 10 numbers; Microsoft may reduce or add the number of digits required for their smart cards upon release to users and administrators. Office 365 users will be able to use multi-factor authentication directly from Office 365 client applications as part of Microsoft’s next move in authentication. Microsoft plans to add native multi-factor authentication for Office 365 applications later this year. This will include current phone-based authentication and add capabilities to other forms of authentication such as third party multi-factor authentication.

This post has matured and its content may no longer be relevant beyond historical reference. To see the most current information on a given topic, click on the associated category or tag.

Related Posts

CMMC Compliance — Understanding the Requirements and Why It's Important

CMMC Compliance — Understanding the Requirements and Why It's Important

CMMC compliance is crucial for protecting Controlled Unclassified Information (CUI) in defense contracts. Learn what CMMC is, its certification levels, and why it matters.

Jul 2, 2025
9 min read
CMMC Certification vs. Self-Assessment What You Need to Know

CMMC Certification and Self-Assessment: What Contractors Need to Know

Not all contractors need a third-party CMMC certification. Find out the differences between CMMC certification and self-assessment and which one applies to your organization.

Jul 1, 2025
7 min read
How Much Does It Cost to Achieve CMMC Compliance?

How Much Does It Cost to Achieve CMMC Compliance and Prepare for Certification?

CMMC compliance costs vary by level and organization size. Get a breakdown of certification expenses, hidden costs, and funding options for meeting CMMC requirements.

Jun 30, 2025
7 min read
Azure Migration Planning A Complete Assessment Checklist for a Successful Transition

Azure Migration Planning A Complete Assessment Checklist for a Successful Transition

A successful Azure migration starts with proper planning. Use this step-by-step assessment checklist to evaluate infrastructure, dependencies, and tools before migrating.

Jun 23, 2025
7 min read
Migrate On-Premises VMs to Azure: Tips, Advice & Best Practices

Migrate On-Premises VMs to Azure: Tips, Advice & Best Practices

Learn how to migrate on-premises VMs to Azure with expert tips and best practices. Optimize your cloud migration strategy for security, performance, and cost efficiency.

Jun 20, 2025
9 min read
Azure Migration vs AWS Migration Key Differences

Comparing Azure Migration and AWS Migration Key Differences in Cloud Strategy

Comparing Azure and AWS for cloud migration? Learn the key differences in pricing, security, tools, and performance to choose the right platform for your business.

Jun 18, 2025
8 min read

Ready to Secure and Defend Your Data
So Your Business Can Thrive?

Fill out the form to see how we can protect your data and help your business grow.

Loading...
Secure. Defend. Thrive.

Let's start a conversation

Discover more about Agile IT's range of services by reaching out.

Don't want to wait for us to get back to you?

Schedule a Free Consultation

Location

Agile IT Headquarters
4660 La Jolla Village Drive #100
San Diego, CA 92122

Secure. Defend. Thrive.

Don't want to wait for us to get back to you?

Discover more about Agile IT's range of services by reaching out

Schedule a Free Consultation