Title here
Summary here
In this article I want to show how you can add another layer of security to the O365 login by enabaling multi factor authentication (MFA). We have to start by looking at the different options of MFA the microsoft portal offers.
- Multi-Factor Authentication for Office 365 - free
- Multi-Factor Authentication für Azure AD-Administratoren - free
- Azure Multi-Factor Authentication - extra license
This article covers the free MFA for Office 365. It can only be used by accounts with an aktive O365 license.
Preparation
The changes you are about to enable will impact the way people use thier account. Think about how you communicate this and when to roll it out.
At first you should think about what your second factor is going to be. In the free version it coud be one of the following:
- A call to your phone number providing a code
- An SMS to your phone number providing a code
- An App you use to scan a QR code on the screen
In this example I will be using the SMS as the second factor.
In addition the the code that is beeing sent via SMS, the user will be asked to generate a so-called “app-password” when configuring 2FA. This is needed to bypass 2fa when using the local office apps running on the users machine. (Outook for example)
Setup in the O365 portal
At first you login with an administrative account to the O365 admin panel.
Here you select User > Active Users > More > Setup Azure multi factor authentication.
This will open a new tab in wich you can handle the MFA settings of every O365 user. Search for an account, select it and click enable on the right hand side.
You will have to confirm that you really want to enable MFA for this account and microsoft provides a usefull link that lets users edit thier provided phone number. https://aka.ms/MFASetup
After you have confirmed, the users MFA status should be enforced.
Login as a user
Wenn you are logging in as a user to office.com, after MFA has been enabled, werdet Ihr aufgefordert die MFA einzurichten.
Following the Setup now link you get to a configuration page where you can enter you phone number.
… you can verify your account for MFA.
Finally you will be displayed an App-Password, that is needed for the Office Apps. The user (or person setting up the mfa) whould write this down or copy it somewhere.
Configuration of the Office-Apps
When you start the Outlook client after setting up MFA, you will be asked for a username and password.
Username: user@domain Password: App-Password
This password is effectivley bypassing 2FA since otherwise you would have to enter a code every time outlook is pulling new mails.
Cheers, Ori