Multi-Factor Authentication (MFA) is a method of enhancing the security of user accounts by requiring them to provide a second proof of identity in addition to their password. This helps protect against cases when a user’s password is compromised. Office 365 includes support for Multi-Factor Authentication to allow organizations to enhance their security.
Before rolling out MFA, you will want to decide which users you want to roll it out to. You may want to roll out MFA to all your users, or you may decide you only want to enforce it for users with administrative rights or with access to sensitive documents. Because Office 365 lets you enable MFA at the individual user level, you are able to decide which approach is best for you.
In Office 365, a user with MFA enabled will be required to go through the MFA login process any time they are prompted to enter a password. Users may be concerned that this will be less convenient for them. However, MFA usually only adds a few seconds to the login process. If users generally log in from the same devices, the “Keep me signed in” checkbox means that, most of the time, they won’t need to re-enter their password when interacting with Office 365.
Office 365 MFA supports the following methods:
- Call my authentication phone
- Text code to my authentication phone
- Call my office phone
- Notify me through app
- Use verification code from app
Each of these methods has advantages and disadvantages compared to the others.
Call my authentication phone
With this method, Microsoft will place an automated call to the user’s mobile phone when they try to log in. The user will be prompted to press the # key on their phone to allow the login to continue. If they were not trying to log in, they can press a different key to report a fraudulent login attempt.
Advantage: Instant verification from anywhere.
Disadvantage: Requires cell reception and may incur mobile costs.
Text code to my authentication phone
A code is texted to the user’s mobile phone when they try to log in. The user can either respond to the text or type the code into the authentication interface.
Advantage: Call does not need to be answered immediately.
Disadvantage: Requires cell reception and may incur text messaging costs.
Call my office phone
This method is similar to Call my authentication phone, but instead the user’s office phone is called. This method is able to dial extensions.
Advantage: User won’t incur mobile phone costs.
Disadvantage: User has to be at their desk.
This option is well-suited for users who will only log in to Office 365 from their desk, or as a backup method for when a user forgets their mobile phone at home.
Notify me through app
When the user logs in, they receive a notification through the Authenticator app on their phone. They respond by clicking a button in the app to verify the login attempt.
Advantage: Does not require reception or incur text messaging costs.
Disadvantage: Requires that the phone be connected to the internet.
Use verification code from app
When the user logs in, they will be prompted to enter the code displayed in the Authenticator app on their phone. This code changes every 30 seconds based on a cryptographic algorithm and does not require network connectivity.
Advantage: The user can authenticate from anywhere, regardless of internet or telephone connectivity.
Disadvantage: A slight reduction in security, as there is no instant notification of a fraudulent login attempt as with the other methods.
With the ability to save login information to reduce inconvenience, and a selection of verification methods available, Multi-Factor Authentication is an excellent way to quickly boost security.
If you’re looking for more information about Office 365 Multi-Factor Authentication, or have questions about Office 365 in general, please contact us!
Learn more about DMC's Office 365 services.