How do I activate Multi-Factor Authentication (MFA) in Microsoft Office 365?

How do I activate Multi-Factor Authentication (MFA) in Microsoft Office 365?

1. Why Multi-Factor Authentication?

Microsoft already wrote it in their security blog. You have 99.9 percent less chance that an untrusted person can access your Office 365 account if you don't have an MFA.

A second factor is really necessary. Hackers often already have your password in their possession.

Activating MFA to protect your identity is therefore important. If someone gains access to your mailbox, this person can also misuse your identity. It is recommended to protect not only your mailbox but also your Google Account, your Facebook, PayPal and other accounts you use.

2. What is Multi-factor Authentication?

Multi Factor Authentication (MFA) is a way of providing authentication by using an additional factor. Or multiple factors.

Something someone KNOWs such as a password or a pincode

Something someone HAS such as a mobile phone, a 'fido2' hardware token

Something that someone IS such as their Biometrics: fingerprint or facial recognition.

3. How to enable multi-factor authentication as a user - New way

Here you can set up your MFA as an end user and adjust settings. At the bottom of the page you can, as an IT-Administrator, roll out the entire organisation with MFA.

Browseto: https://aka.ms/mfasetup and open the Microsoft Multi-Factor Authentication page.

Login with your current account.

1

Click on next

1

Install the Microsoft Authenticator app on your iPhone or Android phone.

1

Press next

1

In the mobile application, select Add work or school account.

1

Scan the QR code

1

Scan the QR Code via the Authenticator App - mobile

1

And now a short test by Microsoft.

1

The activation has succeeded! Test in an inprivate browser whether everything is correct after the activation to make sure nothing went wrong.

1

4. Enable MFA for users - or reset current settings

Browseto: https://aka.ms/mfasetup and open the Microsoft Multi-Factor Authentication page.

Login with your current account.

1

Click on next

Choose authenticator app or token - Setup Authenticator App

1

Install the Microsoft Authenticator app on your iPhone or Android phone.

In your mobile app, press the plus at the top to add a work account

1

Scan the QR code you get by pressing Set Up Authenticator App

1

The code appears in the web browser.

1

Thenscan the code

1

Click on next.

You get a prompt on your phone click Accept.

From now on, your mobile device is known as 2nd factor. This does not necessarily mean that your IT Administrator has set policies to make this a standard from now on. But you are already ready to use MFA.

Using the Authenticator App as your primary login method

At https://aka.ms/mfaset up you can choose to give the alerts via the authenticator app or via a text message.

It is recommended to use the app as it is very user-friendly and gives more possibilities on your smartphone - and more security!

You can make this adjustment in the screen below. After you have logged on to https://aka.ms/mfasetup

1

Have fun with MFA!

The above guide enables users within your organisation to activate MFA themselves. Unfortunately, that is not enough. If you want to do it right, and you are an IT-Administrator, you can work with Azure AD Security Defaults.

5. Enabling location data and key agreement for Azure MFA

Enabling Location Data and Code Matching for Azure MFA with Contextual Data is a feature that allows users to add an extra layer to the validation process. More information can be found here: Enable Location Information and Code Match for Azure MFA - JanBakker.tech

6. Enabling multi-factor authentication for your entire organisation can be done in one click with Azure AD Security Defaults

Registration Multi-Factor Authentication

All users in your Tenant will need to register for multi-factor authentication (MFA)

Users have 14 days to register for Multi-Factor Authentication using the Microsoft Authenticator app.

After these 14 days, the user must not log on with MFA until registration is complete.

Enforce Multi-Factor Authentication

Secure administrators. After the above registration with Multi-Factor Authentication is complete , all Azure AD administrators will need to perform additional authentication each time they log on.

Secure all users

All users of MFA are provided with crucial to be 100% sure that all accounts are under control.

Block outdated verification!

Older Office clients that cannot use modern authentication (e.g. an Office 2010 client).

Any client using older e-mail protocols, such as IMAP, SMTP or POP3.

Block it, then.

Conditional access

Example 1: Provided that we know your device, you do not need to do an MFA.

Example 2: Provided that you work on the ip-address of our organisation you do not need to do an MFA.

Conditional access = To give access to a service on condition of.

How can you enable these Security defaults?

Activation can be done via this blog: a short explanation can be found below.

Log in to theAzure Portal as a security administrator, conditional access administrator, or global administrator.

Browse to Azure Active Directory-> Properties -> Manage Security defaults. Select Manage default security settings. Set the Enable default settings option to Yes. Select Save.

Animated image showing the number of malware attacks and data breaches organizations face every day. 4,000 daily ransomware attacks. 300,000,000 fraudulent sign-in attempts. 167,000,000 daily malware attacks. 81% of breaches are caused by credential theft. 73% of passwords are duplicates. 50% of employees use apps that aren't approved by the enterprise. 99.9% of attacks can be blocked with multi-factor authentication.

Also read30 Security blogs. Teams tips and Microsoft Teams security must-haves in 4 steps.

Jasper

Jasper

Welcome to 365tips.be. On this website you can read articles and experiences about Office 365 with focus on Microsoft Teams. Feel free to ask me a question and I will answer it in a blog post. Help others by giving feedback at the bottom of the articles. This blog is made in Dutch. The multilingual website is offered with best-effort machine translation.
0 0 votes
Product review
Subscribe
Please let us know if there are
guest
1 Comment
Oldest
Latest Most Voted
Inline feedbacks
See all comments
trackback

[DocsConfigure authentication session management - Azure Active Directory | Microsoft DocsHow to activate Multi-Factor Authentication (MFA) in Microsoft Office 365? (365tips.be) (English [...]

1
0
Would love to know your thoughts, please leave a comment.x
()
x
%d bloggers liked this: