Almost every company has started using Microsoft Office 365, but some companies are still not aware that they can customize the Office 365 theme to match their existing organization theme and prevent unauthorized logins to their portal.
Once you have migrated to Office 365, you need to change all the default branding and settings to your existing organization brands and themes to establish your company's uniqueness and to make your Office 365 secure for all user logins.
If you want to subscribe to Office 365, you can refer to my previous article, How to subscribe Office 365.
Once you have configured your Office 365 environment with your registered domain, the first step is to change the existing Office 365 brand to your company brand.
Branding Office 365
First, log into the Office 365 Admin Center with a global administrator account, expand the "Settings" option in the left navigation of the Admin Center, and click "Organization profile".
Then, on the right panel, you can see "Manage custom theme for your organization". Click the "Edit" button.
As the first option, you can set the logo for the Office 365 navigation bar. This image will appear on the suite bar of your Office 365, and the image size should be 200*30 pixels.
In the next step, you can select the background image, which will be displayed in the center portion of the suite bar.
The third option prevents users from overriding your theme with their custom CSS. Finally, you can change the color of your entire Office 365 environment (suite bar, navigation bar, and text) by providing the HTML hex color code, and then click "Save".
Your changes are reflected as you modify each option in the custom branding, and after you save your configuration, the portal will look like the image below, with your logo and images.
Branding User Login Page
Now, we will brand the user login page. This change is made in Azure Active Directory and requires an Azure AD Premium 1 or 2 subscription.
You can find the Azure Active Directory option in the left navigation of your Admin Center.
Once you click the Azure Active Directory option, it will redirect you to https://aad.portal.azure.com
Click "Azure Active Directory" in the left navigation, click "Company branding" in the middle window, and select "Default" in the right window.
Sign-in Background image – this portion of the image will be displayed as a background image of the Login page.
Banner logo – this image will be displayed on top of the Login panel.
Username hint – this hint will be displayed in the username textbox.
Sign-in page text – this text will be displayed at the bottom of the Login panel.
Under "Advanced Settings", you can set the page background color and the square logo image.
The login portal will then look like the image below.
Security implementation
Microsoft has implemented two types of login methods to authenticate users: one is Multi-Factor Authentication (MFA), and the other uses a mobile app, similar to the RSA methodology.
Authenticating Using Mobile App
Step 1
Log into your Azure Active Directory.
Step 2
Select Azure Active Directory from the left navigation.
Step 3
Click "Conditional access" in the middle screen.
Step 4
Enable the End User Protection policy.
With this option enabled, the user is authenticated by entering the number generated by the Microsoft Authenticator mobile app.
When the user enters the password, the login screen will prompt for more information, and the user should click the Next button.
Users need to set up the mobile app with their login account to receive the secure number through the app.
Once the user has downloaded the Microsoft Authenticator mobile app, they can scan the QR code displayed on the following screen and click Next.
On the next screen, the user enters the access code displayed by the mobile app and clicks Verify. The access code changes every 30 seconds. The user can then log in to their Office 365 portal.
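The 30-second access code described above can be illustrated with the standard time-based one-time password algorithm (RFC 6238). This is an added example, not code from the article or from Microsoft; it assumes the app's code follows RFC 6238 with HMAC-SHA1 and 6 digits, and the names `totp`, `verify` and `SAMPLE_SECRET` are hypothetical.

```python
import base64
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the article states the code changes every 30 seconds
DIGITS = 6         # assumed code length

# Constructed sample secret (the RFC 6238 test key), not a real account secret.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: float, digits: int = DIGITS) -> str:
    """Code for the 30-second step containing unix_time (RFC 6238, HMAC-SHA1)."""
    key = base64.b32decode(secret_b32.upper())
    counter = int(unix_time) // STEP_SECONDS
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, drift_steps=1, last_used_step=None):
    """Return the matched time step, or None if the code is wrong, stale or replayed."""
    current = int(unix_time) // STEP_SECONDS
    matched = None
    for step in range(max(0, current - drift_steps), current + drift_steps + 1):
        expected = totp(secret_b32, step * STEP_SECONDS)
        # Constant-time comparison; no early exit on the first match.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        # A step at or before the last accepted one is a replay.
        fresh = last_used_step is None or step > last_used_step
        if same and fresh and matched is None:
            matched = step
    return matched


if __name__ == "__main__":
    now = 1111111111  # constructed timestamp
    code = totp(SAMPLE_SECRET, now)
    print("code:", code)
    print("accepted step:", verify(SAMPLE_SECRET, code, now))
    print("90 s later:", verify(SAMPLE_SECRET, code, now + 90))
```

A verifier would store the returned step as `last_used_step` for the account, so a code that has already been accepted cannot be used a second time within its validity window.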
Multi-Factor Authentication (MFA)
This authentication method requires users to enter a One Time Password (OTP), which is received as a text message on the user's mobile phone; users need to provide that OTP in the login panel for successful authentication.
To enable MFA, log in to the Office 365 admin center with global or user management administrator privileges, select Users in the left navigation, and select any active user. Then scroll down to see more settings and click Manage multi-factor authentication.
It will redirect you to a multi-factor authentication service page, where you can select multiple users and click the Enable option on the right side.
Once this is enabled, users need to enter the OTP when logging in and click Verify.
Users can log in to the Office 365 portal after successful verification.