Microsoft added multi-factor authentication to Office 365 Midsize Business, Enterprise, Academic, Nonprofit, and standalone Office 365 plans, including Exchange Online and SharePoint Online. Paul Andrew, technical product manager on the Office 365 team, shared the news earlier this week.
Previously multi-factor authentication was only made available to Office 365 administrative roles when the feature launched in June 2013. Now this security measure is extended to all users of Office 365. Andrew said that the team is also enhancing the capabilities that have been available since June.
"We're adding App Passwords for users so they can authenticate from Office desktop applications as these are not yet updated to enable multi-factor authentication," he says. "And we're enabling users who are authenticated from a federated on-premises directory to be enabled for multi-factor authentication."
So what's so big about this new two-step deal? After entering the typical username and password, multi-factor authentication for Office 365 now requires users to enter a second method of identification. This is done by entering a code provided on the user's smartphone via a call, text message or smartphone authenticator app. This method is a slight inconvenience, but provides extra protection against hackers.
"This addition of multi-factor authentication is part of our ongoing effort to enhance security for Office 365, and we're already working on Office desktop application improvements to Multi-Factor Authentication for Office 365," Andrew says. "Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customize their security preferences."
To get started, Office 365 administrators will enroll users for multi-factor authentication through the Office 365 admin center. This is done on the users and groups page in the admin center: admins enroll users for multi-factor authentication by clicking the Set Multi-factor authentication requirements. The multi-factor authentication page lists the users and allows admins to enroll a user for multi-factor authentication.
Once that's done, users will be required to configure their second factor of authentication at their next login. After that, each login will require the normal login credentials and the second phone-based acknowledgement. As previously stated, users can have Microsoft call the phone, send a text, notify via an app as well as call an office phone or show a one-time code in an app.
"Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and SkyDrive Pro," Andrew said.
Paul Andrew talks more about Microsoft's new multi-factor authentication in Office 365 on Microsoft's Office blog.