As cyber criminals become more sophisticated it is important to adopt appropriate security measures to counteract these threats. You may have heard of, or already be using, Multi Factor Authentication (MFA), otherwise referred to as Two-Factor Authentication (2FA). You’ll almost certainly have it set up for banking and potentially on other cloud applications where critical information is stored. Based on recent experiences with clients, we now recommend MFA for all Office365 users.  

What is MFA? 

Multi Factor Authentication is an additional security step that helps to protect your accounts by confirming that you are attempting to gain access, not a hacker or opportunist on the internet.  

MFA relies on two key factors 

  1. Something you know i.e. your Office365 username and password 
  2. Something you have i.e. your Mobile Phone 

Using cloud hosted applications without MFA is like driving without wearing a seatbelt. You can risk it, but the consequences can be horrific 

Why MFA for Microsoft Office365 is a worthwhile investment  

  • Although complex passwords provide a good first level of authentication, they are no longer enough.  
  • Through our clients we have observed a steady increase in Microsoft Office365 targeted attacks over the past 6 months, most prominently in Outlook 
  • In addition to protecting Outlook, MFA ensures files that have been placed into the Office365 environment via SharePointOneDrive and Teams are also secure.  
  • These attacks have been traced back to usernames and passwords being gained and used by cyber criminals. 
  • With MFA in place, passwords alone are of little use as the hacker attempting to gain access can’t get to the second factor, the associated account holders’ mobile phone. 

How MFA for Microsoft Office365 Works 

  1. Use your username and password to log on to your PC.  
  2. Using Factor 1: After opening Microsoft Outlook it will ask you for your username and password again, but this time it will ask you to enter in a verification key. 
  3. Open the Microsoft Authenticator application on your phone and you will see a 6 digit code. 
  4. Using Factor 2You enter that 6-digit code into the computer, then Outlook opens. 

It works much like a security door. Should a thief break the first lock, they are then presented with another lock that is significantly harder to break. 

MFA for Microsoft Office365  

MFA, Conditional Access and Self-Service Password Reset are part of Microsoft Azure Active Directoryhowever, a Microsoft Premium P1 or P2 license is required.  

  • Conditional access: Your offices IP address will become a trusted location meaning staff will only be prompted for the second factor when accessing cloud systems outside of the office. This helps to ensure that MFA will not become a significant burden in their daily activities.  
  • Self-Service Password Reset: Gives your staff the power to re-set their own passwords without having to log a support ticket.  

Without MFA you will be presented with a growing number of security risks in Office365. If you would like to learn more about MFA or how the IT Partners team can help send us an email or phone 07 957 2650.