Modern, productive people live in an always-connected, multi-device, and multi-platform world. You probably use an iMac desktop or HP laptop when you are in your office. When you’re at the airport or watching your child’s soccer game, you’re periodically checking work emails from smartphone. And you likely have documents and emails stored in the cloud so that your work is accessible across all these devices and platforms. But the old “enter your user name and password” method of securing these new cloud-based accounts is failing. This failed security method is the primary reason for the dire numbers of recent hacks where passwords were stolen from Equifax (143 million users), Marriott (500 million) and Yahoo (almost 3 billion—yes, that’s billion with a “b”).
Cyber-criminals know we all have too many passwords to remember and we all tend to reuse passwords across multiple accounts. However, for organizations using Microsoft 365 and the Office 365 apps that come with it have a powerful new option to secure accounts across all devices and platforms: Multi-factor authentication (MFA).
The idea of multi-factor authentication is not new. In the bygone era before Netflix (written on historical wiki pages as “1992 B.N.”), people watched movies in their homes on physical media rented from retail stores. The movies on physical media were a costly capital expense for the retailer, so the retailer generated profit from many customers paying a few dollars to rent the physical media for a day or two. To protect the retailer against an unscrupulous customer from not returning that valuable physical media, the retailer required customers to provide the store with two or more forms of identification to authenticate customer accounts with the retailer. Fast forward to our modern cloud-first world, where an online account with multi-factor authentication is more secure than just relying on an ID and password. That’s because adding a second or third factor compensates for the weakness of that one single authentication factor.
It is important to allow more than just one authentication factor for your users. This is so everyone in your organization has access to an alternate MFA option in case their primary option is unavailable. Amaxra has deployed Microsoft 365 and Office 365 with MFA to numerous organizations over years using the following methods:
While these methods are specific to Microsoft 365 and Office 365, most providers of cloud-centric tools for business have multi-factor authentication options for securing user accounts. However, in some cases they are only available as a premium option and often are not turned on by default. Microsoft 365 For Business subscribers get a free version of MFA in the cloud called “Azure multi-factor authentication.” It is a full featured and highly configurable MFA option, but is not enabled for all Microsoft 365 users by default. While Amaxra configures all of our own customers’ Microsoft 365 deployments for multi-factor authentication, we are sharing the basic steps of how to do it if you want to turn on MFA for your organization.
You can enable MFA for users of Office 365, Microsoft Teams, SharePoint, and all other apps in the Microsoft 365 suite from the cloud-based admin center. Setting up MFA can be done in just a few minutes using these five easy steps:
Important If you don’t see the More (…) option, then you aren’t a global admin for your subscription. Contact your organization’s global admin to complete the process for you.
Once you’ve set up MFA for your users in the Microsoft 365 admin center, you’ll need to send everyone an email giving detailed instructions on how to sign into their cloud accounts with additional authentication—especially if you want them to use any of the methods that use the Microsoft Authenticator app.
This easy five-step method is perfect for small businesses with relatively few users and can be completed in an afternoon. If your organization has over 50 users, then you’ll want to leverage a Microsoft Gold Partner like Amaxra to help configure your MFA. In addition, Amaxra cybersecurity experts can help your employees reduce their exposure to cyberattacks with online training and 24/7 monitoring of your corporate network.