Enabling Multi-Factor Authentication in Office 365 (MFA)

MFA or Multifactor Authentication been there for quite some time now. Everyone on the internet already used to it which provides better security on the applications over the internet.

The name describes it all, basically the MFA allows you to have more than one method of signing in to a service or application such as your Outlook.com account, Facebook or Gmail or even your e-banking login. This means, you have multiple factors to verify your identity in order to sign you in.

Beyond the traditional single password you supposed to use, MFA allows you to have more than one method to sign in such as Phone Number, Passcode in addition to the password. With this capability, even if your password was stolen, stealer won’t be able to use it to sign in to your account without knowing the phone number or passcode which is required to sign in.

Microsoft is massively investing on security and compliance day by day with lots of new improvements on these criteria’s. Yet this isn’t very new for O365, MFA for O365 was first introduced in February 2014 through this blog article.

Now let’s see how we can set this up and let our users to utilize the service in a more secure way as they waited for it.

You need to login to Office 365 as Global administrator and open up Admin Panel. New Admin Panel makes this pretty easy for us.

Before start, let’s not forget this insightful article on MFA here. you can get a good briefing through this one to get started.

clip_image001

Direct to Users and open up Active users in this case. Under More Dropdown, Click on “Setup Azure multi-factor auth” link. This will take you to the MFA configuration page.

clip_image002

Select the User you want to force MFA for.

clip_image003

From the right pane, click “Enable” link to enable MFA. You can perform this as a bulk operation too by selecting everyone or several.

clip_image004

Click “Enable” to perform the operation

clip_image005

Hit on “enable multi-factor auth” to start the enabling. This is just a few seconds work. Before this step, ensure that you have taken necessary actions to inform users on what they need to do when they sign in to portal next time and when using other devices.

clip_image006

Successful message will indicate that everything went well.

clip_image007

At the very next login to the portal by the selected user/s, it will prompt to insert the security code texted or given via a call on the user’s mobile phone number.

By selecting Different verification option, user/s can select whether it’s a text message or a voice call which provides the security code. Pretty simple !

clip_image008

Then we can Enforce the MFA. Enforcing and Enabling are two different things. You need to enable MFA first before Enforcing. Enforcing Option will only appear after enabling.

With Enforcing, you are as a admin enforcing end users to have APP Passwords for their non-browser application such as Outlook, Skype for Business or Lync.

clip_image009

Simply select User/s as same as we did before and click on “Enforce” Link on right pane. Click Enforce again on the prompt message.

clip_image010

Just in a few seconds, Success message will indicate that you are done.

clip_image011

Additionally, If you click on “Manage User Settings” Link on the right pane, there are few more features to ensure better security.

You can Enforce to provide contact methods for selected users again.

Delete all app passwords created by the selected users.

Or restore MFA on all devices which are remembered.

These options can be utilized in special events as you need.

clip_image012

Advertisements

One thought on “Enabling Multi-Factor Authentication in Office 365 (MFA)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s