Two Factor Authentication on Microsoft 365
by TUCU Managed IT Services in Toronto
It’s time for your company to enable Two Factor Authentication on your Microsoft accounts, before Microsoft locks you out - but your employees may be pushing back. Here is an explanation and instructions to get everyone prepared for the October cut-off date, even if you wait until the last day to actually pull the trigger.
Why do I need 2 Factor Authentication?
Passwords are simply not strong enough to prevent modern attacks, so many companies have enabled 2-factor authentication to protect user accounts. It helps to reduce the risk of an account breach because a hacker would need both to know your password and to have your phone in their possession to generate a 2nd factor authentication PIN in order to break into your account. Some companies like Apple and Microsoft are being a bit heavy-handed with it and 'enforcing' it, and more companies are following suit. And here we are.
First, Microsoft has decided to do away with all legacy authentication methods and disallow them from Office 365.
These settings have been enforced on all new Microsoft 365 tenants created since late 2019 and they are retroactively applying them to older Microsoft 365 tenants.
The cut-off for this is October 13, 2020, at which point anyone not configured will be locked out and unable to access email.
Microsoft may not have communicated all this as clearly as some of us would have liked, so hopefully this post helps you. Please see their announcement here.
Why can’t I use text messaging for 2-Factor Authentication in Microsoft anymore?
Your first step in this process is to enable 2-factor authentication.
In the past, you may have set this up to receive a text message with a 6-digit number that you would enter when signing into your email. If you have an iPhone you'll have seen a similar process with your iCloud account. Many banks also enforce 2-factor authentication now.
Microsoft will be eliminating the ability to receive text messages as a verification method and only enabling the Microsoft Authenticator app to be used for verification.
This app doesn't have access to your phone, and it doesn't install your work email account on your phone. Its sole function is to provide a rotating 6-digit number that is tied to your Office 365 account, like the text messages with the 6-digit code. Text messaging is being phased out because hackers have found ways around it now, by porting your cell phone number away from your account.
In order to continue using your Microsoft Office 365 account, which includes your email server (Exchange) as well as Teams, OneDrive, SharePoint and more, you must install the Microsoft Authenticator app so that you can receive the 6-digit codes required to log in.
In Outlook this would only need to be performed once, and your Outlook app will remain connected without the need to re-enter the 6-digit code. If signing into Outlook on the web, or Teams, or other web-based apps, it would mean you'd need to enter this 6-digit code every 14 days. That’s a very low obstacle to overcome for the level of added security you gain, so go ahead and set up your 2FA now.
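The rotating 6-digit code described above can be illustrated with the standard time-based one-time password algorithm (TOTP, RFC 6238), in which the phone and the server each compute the code from a shared secret and the current time, so nothing travels over the phone network. This is an added example, not Microsoft's code or part of the original post; it assumes a secret enrolled during setup, and the secret and function names below are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample secret: the RFC 6238 test key, Base32-encoded the way
# authenticator apps commonly store secrets. Never use it for a real account.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()

STEP_SECONDS = 30   # how often the code rotates
DIGITS = 6          # length of the code shown in the app


def totp(secret_b32: str, unix_time: int) -> str:
    """Return the code an authenticator app would show at unix_time."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = max(0, unix_time) // STEP_SECONDS        # number of elapsed steps
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                            # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_steps: int = 1) -> bool:
    """Server-side check: accept the current step plus/minus drift_steps."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(secret_b32, unix_time + delta * STEP_SECONDS)
        # Constant-time comparison, and no early exit from the loop.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(SAMPLE_SECRET_B32, now)
    print("code now:", code)
    print("accepted now:", verify(SAMPLE_SECRET_B32, code, now))
    print("accepted 5 minutes later:", verify(SAMPLE_SECRET_B32, code, now + 300))
```

The small drift window tolerates a phone clock that is slightly off while keeping a captured code useless a few minutes later.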
Steps to enable 2-Factor Authentication in Microsoft accounts
Please do follow these steps and if you get stuck at any point please contact your IT support provider to have them walk you through additional steps.
1. Please download the Microsoft Authenticator app from either the Apple App Store or the Android Play Store to your mobile phone.
2. On your computer (not on your phone) visit https://aka.ms/mfasetup and sign in with your Office 365 credentials.
3. Once logged in, click on "Set Up Authenticator App" and follow the prompts.
4. It will ask you to open the Microsoft Authenticator app on your phone. Please do so.
5. You'll be prompted to add an account which should activate the camera on your phone.
6. Point the camera at the QR code displayed on your computer screen.
7. The app on your phone may now be displaying the 6-digit rotating code.
8. Enter this code on your computer when it asks for it.
After this is complete, you can wait until the cut-off date on October 13th if you really want to – but why not enable better security today?
If you wait, then when your account stops receiving messages you will already have set up the components needed to remove and re-add your account. It should not be necessary to remove and re-add your account to Outlook. Outlook will likely pop up and ask for your 6-digit code one time. Your mobile phone (if you've configured it to receive your work email) will need to have the email account removed and re-added from your email app's account settings. When you re-add the account to the email app on your phone, it will ask you for the 6-digit code from your new authenticator app.
Delaying basic security prevention and patching is one of the easiest ways for cyber criminals to gain a foothold in your small business. Small businesses are big targets. If you are ready to explore comprehensive, proactive IT security services and Managed IT Services for your small business, contact us today to discuss your needs. TUCU is a Toronto IT Company serving SMBs with trust and integrity since 2003.