Office 365: Cloud Identities – Managing multi-factor Authentication from Admin center site

Hi All,

In this article we will discuss what multi-factor authentication is, how to enable it, what the options for multi-factor authentication are and how to configure them from Office 365 Admin center site.

What is multi-factor Authentication?

Multi-Factor authentication is the mechanism to identify user by more than one way. Rather than having just user name and password for data access there is second form of authentication. This means while signing to Office 365 user have two or more forms of authentication.

For Office 365, username and password remains the primary authentication method. Following are the secondary options for Office 365

  1. Use of Mobile Device App: Microsoft Authenticator App
    • This is mobile app, can be downloaded from app store.
    • We provide it with a QR or numerical code.
    • This app generate new code every 30 seconds
    • While signing to Office 365, user needs to enter this code
  2. Authentication Phone : In this we have following two method
    • Phone Call: We receive the phone call and we get the code which we need to enter while signing to Office 365
    • SMS Message:
      1. SMS having code sent to configured mobile number
      2. While signing to Office 365, user needs to enter the received code

Enabling multi-factor authentication: Navigate to “Active Users” page – https://portal.office.com/adminportal/home#/users as

fig1_ActiveUsers
Figure 1: Active Users

From “More” drop-down click on “Setup Azure multi-factor auth” as

fig2_MFA option
Figure 2 – Active User Page – “Setup Azure multi-factor auth” option from “More” drop-down

We will be redirected to “MultifactorVerification.aspx” which is hosted in Azure as

fig2_MFA User Management MultiFactor Verification Page
Figure 4 – Enabling MFA for selected user

From the multi-factor authentication page, select the user for whom we want to enable the multi factor authentication and click on “Enable” link as

fig3_MFA_Enabling MFA
Figure 4 – Enabling MFA for selected user

Once we clicked on “Enable” link “Enabling MFA dialog box” appears as

fig6_MFA_Review dialog
Figure 5 – “Enable multi-factor authentication” dialog box

In this way MFA will be enabled for the user.

When user for whom MFA is enabled, on next sign in he / she will be redirected to page where multi-factor authentication need to set up as

fig6_MFA_SignUp after enabling the MFA
Figure 6 – After enabling MFA, user need to set up the MFA

Once we clicked on “Set it up now” button, we will be redirected to “proofup.aspx” page which is also hosted in Azure as

fig7_MFA_Additional security verification page
Figure 7 – Additional security verification page – proofup.aspx hosted in Azure

On the “Additional security verification” page we need to select the next authentication option as

fig8_MFA_Option for MFA
Figure 8 – Additional security option

We need to select either on option from

  1. Authentication phone
  2. Office Phone
  3. Mobile App

Here, now we will discuss configuring “Mobile app”, select the “Mobile app” option from drop-down, we will get two options as

fig9_ MFA_mobileapp
Figure 9 – Selecting “Mobile app” option for MFA

Next step is to configure the mobile app – “Microsoft Authenticator App”. Click on “Set up” button. We will get “Configure mobile app” dialog as

fig10_MFA_configure mobile app dialog
Figure 10 – “Configure mobile app” dialog

Before going to next step here we need to install the mobile app – “MICROSOFT AUTHENTICATOR APP”, install this app on your phone, in the app select the account and scan the above given image shown in the Figure 10.

Once we scanned the “QR code” from above image, app will start creating verification code for every 30 secs.

Next step will be, entering the verification code from mobile app as

fig11_MFA_step2_additional security verification
Figure 11-Step 2: Additional Security Verification

Enter the verification code and click on “Verify” button as shown in above figure

Once security code is verified, in step 3 it will confirm mobile number in case there is no access for security app as

fig12_MFA_Step3_Additional security verification
Figure 12-Step 3:Additional security verification

Please confirm here mobile number and click on next button. You will be redirected to Step 4 as

Fig14_MFA_Step4_KeepExisting_application
Figure 13-Step 4:Additional security verification

Copy the password and click on “Done” button as shown in above figure.

Office 365 will logout you automatically and will ask password again. Once you enter the password, code will be asked from the “authenticator app” as

fig15_mfa_entercodedialogfromauthenticator app
Figure 14-“Enter code” dialog from authenticator app

Once you enter the code and verified you will login to Office 365 successfully.

Thanks for reading 🙂

Keep reading , share your thoughts, experiences. Feel free to contact us to discuss more. If you have any suggestion / feedback / doubt, you are most welcome.

Stay tuned on Knowledge-Junction, will come up with more such articles.

Advertisements

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.