Multifactor authentication can protect your MSO 365 environment from unauthorized access and possible data loss or leak. Learn how to enable multi-factor authentication in Office 365 for your users.
What is Office 365 multi-factor authentication?
Multifactor authentication is a login process that requires more than one identity confirmation. It is a cybersecurity measure that adds an additional layer of protection to the SaaS apps’ login process.
Multifactor authentication is carried out in several steps, usually two but sometimes three. At each step, the application offers a different method of identity verification.
Types of multi-factor authentication
There are several types of authentication:
- Based on a user’s knowledge.
The simplest example of this type of authentication mechanism is credentials. In many cases, only a user knows their login and password. Unfortunately, there are plenty of methods to steal the credentials of an individual. That’s why this method is not enough to protect the SaaS environment from breaches. Therefore you need multifactor authentication.
A bank card’s PIN and a SIM card’s PUK number are other examples of knowledge authentication.
- Based on a user’s possession.
Users can possess material or non-material security tokens that grant them access to the SaaS application. A key from a door is the simplest example.
Modern authentication uses the following types of security tokens:
- Hardware (usually, flash drives)
- Software (e.g., a file)
- One-time connection (e.g., a phone call, or an SMS).
- Based on a user’s inherence.
These are mechanisms that are based on things inherent to a user. Usually, it’s biometric data such as fingerprints, iris, or facial traits. This type of authentication requires a special technology that can collect and identify the required data (e.g. iris scanner).
- Based on a user’s position
Some companies might ban the login of users who are located outside specific geographic regions.
- Based on the time
Some apps give a limited time window for login. Another example is the hours of the day when you can log in to an app.
As a rule of thumb, multifactor authentication applies two of the above types in the login process to grant access to a user.
Why does your business need to enable multi-factor authentication?
Let’s discuss the value of multifactor authentication for your business.
- Prevention of unauthorized logins and resulting cyber risks such as data loss or leak.
- Compliance with the existing rules and regulations.
- The psychological effect on your employees who will perceive cybersecurity as a business value.
- Prevent financial losses due to data breaches and non-compliance fees and penalties.
How to enable multi-factor authentication in Office 365: step-by-step
Microsoft Office 365 has legacy per-user authentication as well as more recent Security Defaults. Microsoft information center suggests turning off the former and turning on the latter.
There’s one thing, however, that MSO 365 admins must remember at all times. Security Defaults impose multifactor authentication upon every login only on administrators. For regular users, Azure AD ‘decides’ when to impose it based on multiple factors.
In this section, we’ll explain both methods and it’s up to you to decide which method works best for you.
Enable per-user multi-factor authentication in Office 365
Step 1. Go to Microsoft Office 365 Admin Center, open Navigation Menu, and in Settings choose Org Settings.
Step 2. You’ll be forwarded to the Org Settings page. Scroll down to Multifactor Authentication and click on it. Note that the list is in alphabetical order.
Step 3. A sliding panel will appear on the left part of the screen. Click on Configure Multifactor Authentication.
Step 4. You will be forwarded to the Users page. Choose all users by clicking on the box above the user list. Then click on Enable in the left column next to the users’ list.
Step 5. Confirm by clicking on Enable multi-factor auth button.
Enable Security Defaults
If you want to enable Security Defaults, you first need to disable per-user multifactor authentication. To do it, take steps 1-5, but instead of Enable, click Disable. Now, you can proceed with configuring your Azure AD.
Step 1. In Microsoft Office 365 Admin Center, open Navigation Menu. Then click on Azure Active Directory.
Step 2. You will be redirected to Azure AD Admin Center. In the left panel click on Azure Active Directory. A new navigation panel will appear. You need Properties.
Step 3. At the bottom of the Properties page, press Manage Security Defaults.
Step 4. A sliding panel will appear on the right side of the screen. Click on Yes under Enable security defaults. Then click Save in the bottom right corner.
Take these steps to disable Security Defaults.
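The same Security Defaults change can be scripted and verified instead of clicked through. The following is an added example, not part of the original article: it uses the Microsoft Graph PowerShell SDK, the function name `Set-SecurityDefaultsEnabled` is hypothetical, the requested scopes are an assumption about what your tenant requires, and it assumes per-user multifactor authentication has already been disabled as described above.

```powershell
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Identity.SignIns

# Hypothetical helper (added example). Reads the tenant's Security Defaults
# policy, enables it if needed, and re-reads it to confirm the change applied.
function Set-SecurityDefaultsEnabled {
    [CmdletBinding(SupportsShouldProcess)]
    param()

    # Current state of the tenant-wide Security Defaults policy
    $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
    if ($policy.IsEnabled) {
        Write-Verbose 'Security Defaults already enabled; nothing to change.'
        return $policy
    }

    # -WhatIf / -Confirm are honoured here, so a dry run makes no change
    if ($PSCmdlet.ShouldProcess('Security Defaults policy', 'Enable')) {
        Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$true

        # Verify instead of trusting the call: read the policy back
        $policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
        if (-not $policy.IsEnabled) {
            throw 'Security Defaults still reported as disabled after the update.'
        }
    }
    return $policy
}

# Scopes are an assumption; sign in with an account allowed to manage the policy.
Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess'
Set-SecurityDefaultsEnabled -Verbose | Select-Object DisplayName, IsEnabled
```

Run it with `-WhatIf` first to see the current state without changing the tenant.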
How to protect your Office 365 environment from other cyber incidents?
Unauthorized access is not the only cyber security incident that threatens your data integrity. Human error or man-in-the-middle attacks are other widespread reasons for irreversible data loss.
Your business needs other tools to protect your Microsoft Office 365 data:
Microsoft Office 365 doesn’t back up your data, so if you want to protect it from possible loss or corruption, we suggest acquiring a backup solution.
Not all admins know that MSO 365 has no inbuilt ransomware protection. Unfortunately, the ransomware threat to businesses of all sizes is real. Acquire a ransomware protection tool to prevent attacks.
Applications pose a great threat to the MSO 365 environment due to the permissions they acquire from users. Your business needs to detect applications and assess their risks to revoke access to the risky ones.
Multifactor authentication protects you from unauthorized logins. However, it doesn’t protect your data from unauthorized sharing. You need a tool that will enable you to see and change the sharing settings of your OneDrive files and folders.