Microsoft Multi-Factor Authentication

by Rupert Davey
January 2019

Traditionally, a username and password combination was good enough to authenticate you against a system.

But that’s no longer good enough.  Pop your email address into the “have I been pwned” checker site and you’ll see what I mean!

The recommendation?  Use something in addition to your password, something only you have, something only you own: an additional authentication method, for example a unique code sent by text to your phone.

This is sometimes called 2 Factor Authentication or 2FA.  Microsoft have a system that has several different options, not just a code in a text message.  This is Multi Factor Authentication or MFA.

If your password gets leaked, found out, known, guessed or otherwise compromised, the attacker would also need your device, your phone, to gain access to the account.

If you use your mobile phone to generate security codes, you can use a single app to handle all the different sites.  I use the Microsoft Authenticator app.

How do I get Multi-Factor Authentication?

The good news is that you’re probably already using some form of additional authentication with your online banking.  Most online banks have apps or one-time text messages when you log in.

But what about other services?

First off, have a look for your site of choice or check out Turn It On.

Facebook, for example, has a 2FA system that’s off by default but easy to enable.  If you use Facebook, have a read.

So, you have Multi-Factor Authentication set up for all your personal stuff.  But what about work?

Office 365

To set this up, you just need an Office 365 licence which features a Microsoft Exchange Online plan, such as Office 365 Business Essentials, Business Premium or E3. Others are available.

MFA is a free security feature of any Microsoft Exchange Online plan.

Your IT administrator will need to have enabled MFA on your account.  They can do this by following these instructions.

Once your IT admin person has done that, when you go to www.office.com you can follow the user setup.  I’d also recommend you have a read of the app password guide as this could help in the future.

All the Office 365 installations ctm IT Support deploy and administer have MFA enabled for the users.

App Passwords

There are certain applications that currently do not support MFA.  Microsoft's solution for these applications is "App Passwords". These are one-time view, randomly generated passwords that you can use per device.

You can create more App Passwords for use on phones or other devices, PCs, etc. and Microsoft gives you the ability to manage them from your Office 365 web portal.

my.ctm-it.com

For existing clients, we offer a fully featured management portal, and this comes with MFA security. 

If you’re accessing my.ctm-it.com we strongly recommend you enable this feature.