The time has come when a string of passwords no longer protects your online data. Especially when many of the organizations are using SharePoint Online in Office 365 as their Content Management System, it is essential that the sensitive data does not slip into the wrong hands. It is here where Multi Factor Authentication for Office 365 comes into play. With Multifactor authentication, user authentication is a two-step process and requires the user to prove his or her identity.
In addition to passwords, the users are expected to acknowledge a phone call/ text message or mobile app notification to complete the verification process. Multi-Factor Authentication for Office 365 is a form of Azure Multi-factor Authentication, which comes bundled with an Office 365 subscription.
You can chose any of the options, mentioned below to complete the Multi-factor Authentication verification.
- Text Message
A verification code is sent as a text message to the user’s registered mobile to complete the verification.
- Phone Call
The user gets a phone call, which asks to verify the login process by pressing the ‘#’ button.
- Verification Code sent to Mobile App
Once the Azure Authenticator app is installed, the user gets a verification code to the mobile app during the login process, using which they have to complete the verification step.
- Mobile app Notification
The users receive a notification in the mobile app asks them to complete the verification step by selecting the ‘Verify’ button in the app.
Image Source: Microsoft Azure
How to set up Multi-factor authentication in Office 365
MFA can be enabled in Office 365 from Office 365 Admin Center. Navigate to the Admin Center.
Select Active Users tab. From the ‘More’ drop down, select ‘Setup Azure multi-factor auth’.
Select the Users by selecting the check box against the users for whom Multi-Factor Authentication has to be enabled.
Once selected, click Enable.
A confirmation message would be asked prior to enabling MFA. Select ‘enable multi-factor auth’.
Thus, the Multi factor authentication is now enabled for the selected accounts.
Setup 2 Step Verification
Sign out and log in again to Office 365 subscription, using your credentials.
Now, Office 365 will show a message, which asks the user to set up additional security verification. Click ‘Set it up now’. Setting up of additional security verification is a one-time process and from the next time onwards, you will be using the chosen verification system after entering the username and password, as a method of extra verification.
We have different options, using which we can implement a security verification. You can chose ‘Authentication Phone’, if you want to get the code as a text message or perform the verification over call (by pressing #).
You also have the option to use the 'Azure Authenticator Mobile app’ to do the verification.
Click on set up, which will provide you the option to install Azure Authenticator app.
In my case, I am forwarding the ‘Authentication Phone’ option which will send me a text code to complete the verification. Click ‘Contact Me’ to proceed.
You will shortly get a text message with a verification code, which you have to enter in the text box. Click ‘Verify’.
In the next step, you will be provided with an app password, which you will have to keep it safe as it will be unique to the user. In some of the non-Browser apps like Apple native Email client, MFA does not work. Hence, you can use these app passwords in the place of original user passwords in order to by-pass multi-factor authentication in such apps.
This completes the Multi-Factor Authentication in Office 365.
Now, when we try to sign in to Office 365, once you have entered the user name and password, you will get a second screen, where you will have to do an extra verification, using the chosen method of Multi-Factor Authentication.
Summary
Thus, we saw how to set up Multi-Factor Authentication in Office 365 to provide an additional layer of security over the usual username-password combination.