Multi-Factor Authentication

November 10, 2016 Peter Klapwijk Security, Windows 0

azure-mfa-lockToday just a short article about multi-factor authentication, to get your attention on securing the login process of your (cloud) users.
Everybody knows it is very important to use a complex password to access (corporate) data. But even if your users are using complex passwords, passwords are still the weak link in IT security. The more complex the password is, the harder to forget the password and more likely to be written down or stored on a less secure place. Who has not seen Post-it notes on computer screens with several usernames and passwords for different websites?
Multi-factor authentication (MFA) provides a second method of authentication to gain access to your data. MFA adds a second layer of security at the user login process, it requires the user to provide a second (or even third) authentication method when signing in. These Authentication methods are:

  • Something you now (your password)
  • Something you have (your smartphone)
  • Something you are (bio metrics)

Microsoft offers multi-factor authentication from the cloud, as part of Office 365 or as a separate service called Azure Multi-factor Authentication. The basic features as part of both MFA services are the same; admin control over authentication methods, the admin can turn on/ off MFA for single users and several second authentication methods.

Multi-factor authentication service settings Office 365These are the second authentication methods Microsoft provides:

  • Call to phone
  • Text message (SMS) to phone
  • Notification through mobile app
  • Verification code from mobile app

As Office 365 administrator you can manage MFA from the Office 365 portal. Just choose your service settings like shown on the picture and enable MFA for your users to help them secure their Office 365 resources. Depending on the second verification method chosen, your users need to register a mobile app or phone number to start using MFA.

If you need extra features, besides the basic features, in your MFA deployment (or you don`t have Office 365) you may choose for Azure Multi-factor authentication (as a separate service or as part of Azure AD Premium or Enterprise Mobility + Security). Azure MFA expands the basic MFA features with features like:

  • Trusted IPs
  • MFA reports
  • MFA for on-premises applications
  • Fraud alert

Visit this site to see a feature comparison of the different Office 365 and Azure MFA versions.

Related posts:

  1. Enable Self Service Password Reset feature on the Windows logon screen
  2. Azure AD Self-Service Password Reset
  3. Enable passwordless authentication to Windows 10 with Yubico security keys
  4. Automatically wipe a Windows 10 device after a number of authentication failures

Be the first to comment

Leave a Reply

Your email address will not be published.


*