Multi Factor Authentication

Darrin Crawford
Darrin Crawford used Ask the Experts™
on
Looking for some info; pro's/cons as to enabling MFA on Office 365.
We are looking to push this out to Contractors and any experience of this would be appreciated.

Does it get enabled at a high level?  Can it be pushed out to single users?
How is it managed?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015
Distinguished Expert 2018
Commented:
There are multitude of controls. In general you enable it on per-user basis, but you can also configure features such as conditional access to applications (for example, require everyone accessing SharePoint from outside of the company network to perform MFA validation). The only con is that requires you to educate your users properly, otherwise it can be a potential driver for more support calls. But the added security benefits are worth it.

Also, if you enable it for admin account, note that some of the PowerShell modules still dont support MFA, or require you to update to a newer version/change your login routine.

There's an extensive documentation on MFA available here: https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-cloud
(make sure to go over all the sections in the left navigation menu!)

Author

Commented:
So working through the documentation on a test environment.
Tested user logging in to web versions of office 365 and asks to setup  authentication by text message etc.
But it doesn't ask me for my 'normal' password?

Also then if I open any client, say Skype or Outlook, it allows me in.

Is there a further setup to do or is Office 365 not able to accommodate ?
Most Valuable Expert 2015
Distinguished Expert 2018
Commented:
Password is asked beforehand, you will be presented with the MFA challenge (or setup process) only after successfully authenticating first. In scenarios where you are using AD FS or any other form of SSO, password might not be required at all. Best test from location outside of the corporate network, or use Private sessions.

Depending on the version of Office apps and protocols used (Modern authentication), you might not be presented with an authentication prompt for up to 90 days upon successful authentication.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial