Introduction
In this article, we will see what Multi-Factor Authentication is, how it can be enabled, and which authentication and verification methods are available in Multi-Factor Authentication for Office 365 users, along with how to set each one up.
What is MFA?
We all know that we cannot compromise on the safety of our personal information, which can be breached by anyone.
Multi-Factor Authentication helps safeguard access to data and applications while meeting user demand for a simple sign-in process. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy verification options.
Implementation
Before individual Office 365 users can use multi-factor authentication, the Office 365 administrator has to enable it in the admin portal.
Steps for Office 365 Admin to enable MFA
- Log in to the Office 365 admin portal using admin credentials.
- In the menu on the left-hand side, expand Users and Active Users.
- This will show you the list of users, or you can search for particular users. (For my testing, I used only one Office 365 user; however, we can also perform this step for users in bulk.)
- In the user’s pane, click on Manage multi-factor authentication under More settings.
- On the multi-factor authentication screen, select the user account to enable and click Enable on the right-hand side.
Steps for Office 365 User to enable MFA
- As an Office 365 user, I logged in to the site https://login.microsoftonline.com, where the following page opened.
- On this screen, enter the credentials and click on the “Sign in” button.
- After clicking on the “Sign in” button, I was expecting that I would be redirected to the Office 365 portal, but since the Office 365 Admin had enabled Multi-Factor Authentication for my user account in the previous step, the following message appeared on the screen to set up the second-level security verification. So, I clicked on the “Set it up now” button on the sign-in screen and followed the instructions.
- After clicking on the “Set it up now” button, the additional security verification page opened, where I needed to set up my preferred security method.
- From the drop-down, I chose the “Authentication Phone” option, to test first with mobile SMS.
- After clicking on the “Contact me” button, I received an SMS on my mobile containing the verification code. This code needs to be entered on the screen, as shown below.
- Click on verify, and the following screen opens. This screen mentions using an “app password” and saving it for future reference.
- After clicking on the “Done” button, I was redirected successfully to the Office 365 portal. WOW, we have implemented a second level of authentication using mobile SMS.
- Now when I tried logging in for the second time, a message was delivered to my mobile with a verification code, which needs to be entered on the sign-in screen, as shown below.
- Then I tried other verification methods, especially calling and mobile app authentication. Please note that, at any time, you can change your preferred authentication method by navigating to Office 365 settings and then clicking on Security and Privacy.
- Then I tried the “Call me” verification to check multi-factor authentication. I selected “Authentication Phone” from the drop-down, checked the “Call me” option, and clicked on the “Contact me” button.
- In a few seconds, I received the call from Microsoft on my mobile, and for verification they asked me to click the pound or hash (#) sign on my mobile, and the call got disconnected automatically. WOW, I got authenticated and redirected to the Office 365 portal.
- The last verification method which I tried was “mobile app”, which I personally liked the most.
- For this verification, we first need to install “Microsoft’s Authenticator app” on our mobile, which is available for iOS, Android, and Windows Phone. Below is the image of the app in the Android Play Store, from where we need to install it.
- After installing the above app, it will ask you to log in with your Microsoft account (not with your Office 365 account). It might also ask for additional details, like your secondary email, to complete the app setup. Once the app is successfully configured, it will show the below screen on your mobile.
Mobile Screen View
- We can use the below screen to configure the mobile app verification.
- Once the “Configure” button was clicked, the below screen appeared on the computer screen. In parallel, the below screen appeared in my mobile app, from where I can verify either by entering the code and URL or by scanning the QR code.
Website View
Mobile Screen View
- Once the verification is done, it will show the message “Mobile app has been configured”.
- For verification, a notification will appear in your mobile app along with a code, which needs to be entered in the application. WOW, we are redirected to the Office 365 portal.
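Once users have gone through the setup above, an administrator can confirm from the tenant side who has actually completed it and which of the methods covered here (SMS, call, mobile app) each user registered. The script below is an added example, not part of the original article; it assumes the Microsoft Graph PowerShell SDK is installed and that the signed-in admin can consent to the `AuditLog.Read.All` scope, and the `Finding` labels and the output file name are illustrative.

```powershell
# Added example: audit MFA registration after enabling it for users.
# Assumes the Microsoft Graph PowerShell SDK (Microsoft.Graph.Reports module).
Connect-MgGraph -Scopes 'AuditLog.Read.All'

# Methods delivered over the phone network (SMS text or voice call).
$phoneMethods = 'mobilePhone', 'alternateMobilePhone', 'officePhone'
# App-based methods (Authenticator notification or one-time code).
$appMethods   = 'microsoftAuthenticatorPush', 'softwareOneTimePasscode'

$report = Get-MgReportAuthenticationMethodUserRegistrationDetail -All |
    ForEach-Object {
        $methods  = @($_.MethodsRegistered)
        $hasPhone = @($methods | Where-Object { $_ -in $phoneMethods }).Count -gt 0
        $hasApp   = @($methods | Where-Object { $_ -in $appMethods }).Count -gt 0

        # Illustrative labels: users who never finished the setup wizard,
        # and users who rely on SMS or call only, are listed for follow-up.
        $finding = if (-not $_.IsMfaRegistered) {
            'Setup not completed'
        } elseif ($hasPhone -and -not $hasApp) {
            'Phone only (SMS/call)'
        } else {
            'App or other method registered'
        }

        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            IsMfaRegistered   = $_.IsMfaRegistered
            Methods           = $methods -join ', '
            Finding           = $finding
        }
    }

# Show the results grouped by finding and keep a copy for follow-up.
$report | Sort-Object Finding, UserPrincipalName | Format-Table -AutoSize
$report | Export-Csv -Path '.\mfa-registration-audit.csv' -NoTypeInformation

Disconnect-MgGraph | Out-Null
```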
Reference URL
https://docs.microsoft.com/en-us/azure/multi-factor-authentication/
Conclusion
I’ve tested Multi-Factor Authentication with Microsoft’s Mobile Office apps, Outlook, and OneDrive for Business in Windows 10, and found no problems.
Hope this article helps many.