Enable Multi Factor Authentication

June 3, 2018 in office365 ‐ 3 min read

In this article I want to show how you can add another layer of security to the O365 login by enabling multi-factor authentication (MFA). We have to start by looking at the different MFA options the Microsoft portal offers.

  • Multi-Factor Authentication for Office 365 - free
  • Multi-Factor Authentication for Azure AD administrators - free
  • Azure Multi-Factor Authentication - extra license

This article covers the free MFA for Office 365. It can only be used by accounts with an active O365 license.

Preparation

The changes you are about to enable will impact the way people use their accounts. Think about how you communicate this and when to roll it out.

First, you should think about what your second factor is going to be. In the free version it could be one of the following:

  • A call to your phone number providing a code
  • An SMS to your phone number providing a code
  • An App you use to scan a QR code on the screen

In this example I will be using the SMS as the second factor.

In addition to the code that is being sent via SMS, the user will be asked to generate a so-called “app password” when configuring 2FA. This is needed to bypass 2FA when using the local Office apps running on the user's machine (Outlook, for example).

Setup in the O365 portal

First, log in to the O365 admin panel with an administrative account.

Here you select User > Active Users > More > Setup Azure multi factor authentication.


This will open a new tab in which you can manage the MFA settings of every O365 user. Search for an account, select it and click enable on the right-hand side.


You will have to confirm that you really want to enable MFA for this account. Microsoft provides a useful link that lets users edit their provided phone number: https://aka.ms/MFASetup


After you have confirmed, the user's MFA status should be enforced.
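
The portal steps above can also be scripted and checked from PowerShell. The following is an added example, not part of the original article: it assumes the MSOnline module is installed and an admin signs in through Connect-MsolService, and the helper name Enable-PerUserMfa and the address user@example.com are hypothetical.

```powershell
# Added example: assumes the MSOnline module and an administrative account.
Import-Module MSOnline
Connect-MsolService   # interactive admin sign-in

# Report the per-user MFA state of every licensed account.
$report = Get-MsolUser -All |
    Where-Object { $_.IsLicensed } |
    ForEach-Object {
        # An empty StrongAuthenticationRequirements list means MFA is disabled.
        $state = if ($_.StrongAuthenticationRequirements.Count -gt 0) {
            $_.StrongAuthenticationRequirements[0].State
        } else { 'Disabled' }
        # A default method only exists once the user has completed the setup.
        $default = ($_.StrongAuthenticationMethods |
            Where-Object { $_.IsDefault }).MethodType
        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            MfaState          = $state
            DefaultMethod     = if ($default) { $default } else { 'not registered' }
        }
    }

$report | Sort-Object MfaState, UserPrincipalName | Format-Table -AutoSize

# Hypothetical helper: enables MFA for one account, like "enable" in the portal.
function Enable-PerUserMfa {
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $req.RelyingParty = '*'
    $req.State        = 'Enabled'
    Set-MsolUser -UserPrincipalName $UserPrincipalName `
                 -StrongAuthenticationRequirements @($req)
}

# Constructed placeholder address; replace it with a real account before running.
# Enable-PerUserMfa -UserPrincipalName 'user@example.com'
```

Accounts that show an MFA state but "not registered" as the default method have not yet completed the setup described in the next section.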


Login as a user

When you log in as a user to office.com after MFA has been enabled, you will be asked to set up MFA.


Following the Setup now link, you get to a configuration page where you can enter your phone number.

Once you get the code via SMS…


… you can verify your account for MFA.


Finally, you will be shown an app password, which is needed for the Office apps. The user (or the person setting up MFA) should write this down or copy it somewhere.


Configuration of the Office-Apps

When you start the Outlook client after setting up MFA, you will be asked for a username and password.

Username: user@domain
Password: App-Password


This password is effectively bypassing 2FA, since otherwise you would have to enter a code every time Outlook pulls new mail.

Cheers, Ori