In our last Blog we discussed what MFA was, along with its importance in keeping your data/online information secure.  In this Blog we will be discussing MFA in Microsoft 365 specifically.

Multi Factor Authentication is part of the Microsoft 365 Business and Office Plans.  This includes all online Microsoft 365 applications, along with OneDrive and Outlook – these applications are protection enabled via MFA.

Microsoft 365 offers MFA protection via features including the Microsoft Authenticator application (which download directly to your smartphone), Phone Call MFA, SMS MFA, App passwords for individuals in situations with devices and/or applications that don’t support MFA, and Remember MFA for trusted devices.  These authentication preferences can be set based on the organizations or individual’s preferences or particular situation. Keep in mind however, that in this scenario ONLY Microsoft 365 applications are MFA protected, while things like generally logging onto your computer are not protected via Microsoft 365’s MFA.  If you’re unsure of which plan you have or have questions on your plan, or questions in general, please don’t hesitate to contact your UniVista Account Manager.

When MFA is rolled out within your organization it’s important to notify your users well ahead of time to set up expectations, minimize confusion and ward off potential problems. After your administrator launches Microsoft 365’s MFA feature, upon the users next login they will be met with a screen that informs them that additional security measures are required. So, ensure you’ve informed your users upfront with a clear guide of steps they need to take.

A quick rundown introducing your users to Multi Factor Authentication feature in Office 365 is as simple as following the following instructions:

Sign into your Microsoft Account & Enter Your Password. When the screen pops up asking for a secondary factor for your account, enter next and follow the onscreen instructions using the Microsoft Mobile App on your smartphone (if you haven’t downloaded the app, do so prior to beginning the process).  A QR Code will appear on your computer screen, and you will be asked to scan it with your smartphone.  After the QR Code is finished processing, your new account will be added, which will prompt a verification code to be sent to your phone.  Enter the verification code and all that remains is adding and entering your phone number into the account in the event you lose access to your mobile app.  You can view a video of the process on this link: https://youtu.be/uWbkLuI4g30

Take advantage of the fact that Office 365 already comes with Multi Factor Authentication, there is no reason not to use it and numerous reasons why your organization would benefit from this additional layer of security within your IT environment.  The MFA setup in Office 365 is accomplished in a relatively short amount of time and, once they’re used to it, the user impact is minimal.

Again, if you have any questions or concerns about deploying Microsoft 365’s multi factor authentication for your organization, or questions on MFA in general, please do not hesitate to contact your UniVista Account Manager.

 

Look for our January Blogs featuring an introduction to UniVista’s Standards Alignment Specialist.

 

Multi-factor Authentication (MFA) is a security tool that requires 2 or more pieces of evidence – or “AUTHENTICATION” – to prove or identify a user’s identity.  MFA has become increasingly popular throughout a variety of devices, programs, applications, transactions, and systems.  You most likely have run into it with mobile banking or access to certain websites that require advanced security.  While for some, this extra step may seem annoying, needlessly time consuming or unnecessary, it is a critical component of a company’s and individuals online security.

MFA requirements can be controlled based on the security level required for a particular device application, transaction, or situation.  For high level situations, like financial transactions, a higher level of user authentication is typically preferred.  While a less critical or lower-level situation, like logging into a gaming App, may only require a lower level of user authentication. 

Traditional usernames and passcodes unfortunately can easily be compromised and are highly vulnerable to cyberattacks. It is likely that in the past one or more of an individuals or organizations passcode(s) have become compromised.  The premise behind MFA is that, while one source of identity authentication may become compromised, the likelihood of two or more independent forms of identification becoming compromised, is significantly much lower.  For individuals and consumers, MFA prevents unauthorized users in possession of an ill-gotten passcode and basic personal information (e.g. mother’s maiden name, etc.), from accessing accounts and information. For example: blocking individuals from accessing email, social media accounts or banking information.  For organizations, MFA helps to protect against unauthorized individuals, like former employees or cybercriminals, from accessing sensitive files.

Basic forms of MFA may include requiring an answer to a predetermined security question, or identifying a phrase or an image, in conjunction with a username and passcode to logon.  Stronger forms of MFA may require a passcode sent via an email, phone call, or text message be sent to a user with a one-time-use code to access the site, application, or information desired. Larger companies like Google and Microsoft have free applications that can manage multiple MFA accounts. In some cases, even biometrics (fingerprint or facial recognition) is utilized. Again, MFA and the level of security can be scaled up or down depending on the device, type of information, or nature of the access desired or required by an organization.

If you have any questions regarding Multi-factor Authentication, please contact your UniVista Account Rep or email [email protected].

Look for our upcoming Blog on Multi-factor Authentication and how it works in MS 365.