Steps to Set up Multi-Factor Authentication for Office 365
Any company that manages personal data needs to comply with multiple regulations to keep the personal data safe. There are quite a few ways to secure sensitive personal information. Currently, the most common method that allows companies to comply with a big number of regulations is multi-factor authentication (MFA). You can encounter this type of authentication system in various services, and Office 365 is no exception. Each platform may offer a slightly different type of MFA, so right now; we're going to check how Office 365 goes about it.
Table of Contents
What Is Azure Multi-Factor Authentication?
First, it is important to emphasize what kind of multi-factor authentication for Office 365 we're talking about here. According to the Microsoft Office Support, users who have the Office 365 business subscription get a free version of Azure MFA as part of their subscription deal. Therefore, we should take a look at what Azure does and how it can help you secure all sorts of information.
The Microsoft Azure support page suggests that the type of the system you want to use depends on what you want to secure. Depending on your needs, it is possible to enable MFA either in the cloud or Server. After that, it is necessary to consider what type of MFA features you need. There might be all sorts of security tokens, ranging from mobile app notification as a second factor to conditional access and cache. These lists on the support page might be confusing for a regular user, but they just show how versatile Azure is. After all, if you just choose to set up multi-factor authentication on Office 365, most of these steps will already be taken care for you.
Multi-Factor Authentication for Office 365
According to the Office 365 support page, the MFA used by Office 365 is managed from the Office 365 admin center. The system provides another layer of security when users sign in to their accounts because it requires a secondary identify verification method. The methods that users can choose from including a random passcode, a phone call, a virtual or physical smart card, and a biometric device.
If users have the subscription for Office 365 business, they can enable Azure MFA and then use a mobile app that works like a second authentication factor. It is also possible to use a phone call or an SMS message for authentication. The full list of features might be different depending on which version of Azure MFA users employ. The versions may differ according to what kind of Office 365 users use. For instance, it could be a cloud-only deployment or a hybrid set up. The hybrid set up may work with Active Directory (AD), which is a Microsoft directory service for Windows domain networks.
In fact, the Active Directory Authentication Library (ADAL) is used by TheOffice 2013 apps to support MFA. The Azure AD has a webpage where users can sign in, and then there are several steps to take before the users can be authenticated. First, the user is redirected by Azure AD to sign-in into a web page that is hosted by the identity provider. When the user signs in on their device the identity provider sends a token back to Azure AD once the sign in is successful. Azure Active Directory then sends a security token (called JSON Web Token) back to the Office device app, and the authentication process is complete.
Do regular Office 365 users need to know all the technicalities to employ MFA? Not really. You don't need to know how a car engine works to drive a car, right? Nevertheless, it is always a good idea to go through the peculiarities of a system before you employ it.
How to Set Up Multi-Factor Authentication for Office 365
So now we get down the main part of this blog entry, where we're going to talk about setting up MFA for Office 365. Please note that you have to have global admin rights to follow the setup steps below.
- Access Office 365 admin center.
- Log in to your account.
- Select Users and go to Active users.
- Select More and choose Setup Azure multi-factor auth.
We would like to mention here that if you do not see the "More" option on your settings menu, it means that you do not have the global admin rights. If you do have the More option, and you open the settings for the MFA setup, you need to go through the list of users for whom you need to enable multi-factor authentication. Depending on the user settings you may see the three following values:
- Any. Default state. Shows all users.
- Enabled. The user's MFA setup has begun, but they still need to complete the process once they sign in the next time.
- Enforced. The value has two options. Either the person has completed the registration, and they are using MFA, or they still need to complete it once they sign in again.
From here, let's go back to numbered bullet points to complete the MFA setup.
- Mark the checkbox next to the users for whom you want to set up MFA.
- Select Enable under quick steps on the right.
- Select enable multi-factor auth in the dialog box.
And that's it! MFA has been set up. After that, there are still a few options either the global admin or users might want to take, but that depends on what kind of security tokens you want to use and what kind of accounts you have.
For example, you can set up 2-step verification for Office 365, or allow users to create app passwords for the Office client apps that they are using. There are also ways to manage user settings and to bulk update users in MFA. Most of these functions are available for users with the global admin rights only, but they can make your overall information transmission process faster and more secure. Not to mention that can you always rely on the subscription support, so do not hesitate to explore your possibilities!
I would suggest not limiting yourself to just 2 factors if at all possible.