Skip to main content

Installing Multi-Factor Authentication for your Office 365 Users

Understanding MFA

In today's world passwords and pin numbers are simply not enough and muti-factor authentication (MFA) is increasingly required to combat fraud. MFA means that you need to use a secondary form of authentication, such as an app on your phone, in addition to a password when signing into systems. 

These instructions walk you through the process of setting up MFA for a user. You may need them if your user switches phones or has to have MFA disabled and re-enabled.

In the Admin Portal

While technically you could skip this step and go directly to the console via its url, it's probably easier for most people to find their way from the Admin portal, so that's where I'll start.
  1. Open the Office 365 Admin Portal. (https://admin.microsoft.com/)
  2. Click on Users, then on Active Users
  3. Click on the dots at the end of the menu and choose Setup Multifactor Authentication.
  4. This will take you to the MFA console. 

In the MFA console

  1. Click on the Magnifying Glass icon to search for the user you want to modify.
  2. Type their name in and press enter
  3. Click on their name to open a panel to the right.
  4. In the panel, click on the link marked Enable
  5. Click on the button marked Enable Muti-factor auth.
  6. If you're new to multi-factor authentication, Microsoft encourages you to read this guide
  7. It will take a few seconds then dialog box can be closed.

Note: there's a handy link marked manage user settings that will appear once MFA is enabled. It lets you push the following settings to users;
    • Require selected users to provide contact methods again
    • Delete all existing app passwords generated by the selected users
    • Restore multi-factor authentication on all remembered devices 

Adding the App

Your users should now install the Microsoft Authenticator App on their phones. It can be accessed via the Apple App store or the Google Play store.
Sometimes, the easiest way to help your users get the app is to send them to this page.
Once the Microsoft Authenticator app has been downloaded and installed;
Open it
  • Choose Add Account (you might have to push the three dot menu in the top right corner to get this option).
  • Choose Work or School Account
  • You'll be prompted to scan a QR Code. 

The QR Code

You should send your users this link: https://aka.ms/MFASetup via Email.
  • They'll be prompted to add secondary information, such as a backup email address and mobile number. 
  • They'll also have a QR Code displayed on their computer screen. 
  • If they point their phone with the Microsoft Authenticator message on it, at the computer screen, it will scan it in and connect. 

Finalising

The QR Code will activate the app on your phone, this takes a few moments (under a minute) and then it will do a test. You'll need to watch your phone and push Approve when the message appears.
From here on, the user will be prompted to approve the sign-in on their phone when they login to Office 365. Since the authenticator app isn't tied to a phone number, it will work on Wi-Fi overseas. 

Helping with Setup

If your user experience issues with the setup process and you have their device, you can do this via the Azure Portal.
  1. Go to the Azure Portal 
  2. Search and Locate your User under Users, All Users, Profile
  3. Under Authentication Contact Info, click the link marked Manage your other authentication contact information in your Access Panel Profile
  4. In the Access Panel Profile screen, click edit Security Info
  5. If you see any authenticator settings already on this screen, you may want to delete them (there's a warning but it's okay) -- this will clear any old authenticator information. 
  6. Click Add Security Info
  7. Choose Authenticator App
  8. The QR Code will be displayed and you'll be able to use the authenticator app on the user's device to scan it. 
Labels:

Comments

Post a Comment

Popular posts from this blog

How to Create a Bootable DVD Using Nero Burning ROM 9

I often need to create bootable CDs and DVDs but it's weird because I frequently end up buring myself a new coaster instead. It's not that the process is difficult, just that nero has a few too many options and I forget which ones to choose and end up picking the wrong one. I figured that the best way to avoid this mistake in future would be to write the steps down. Procedure Insert CD or DVD into your DVD Burner. Start Nero Burning ROM 9 Choose DVD-ROM (Boot) or CD-ROM (Boot) depending on what you're creating You'll be prompted for a disk image source. Choose a Nero Source - you'll usually find them somewhere like this... C:\Program Files\Nero\Nero9\Nero Burning Rom\DOSBootImage.ima Leave the Boot Locale as English - unless you really need a different keyboard layout Tick the box marked [X] Enable Expert Settings Choose Hard Drive Emulation and leave any other settings as they are. Click the button marked New Add any files you want but don't try to add operati
11 comments
Read more

How to Change Your Notification Options for New Lotus Notes Mail in version 8.x

Don't worry, I'm not patronizing you (my readers), I just decided to re-document this for one of our internal users and thought you might want to be able to use it in your own user documentation. WHAT IS THIS DOCUMENT ABOUT? Some people who don't get a lot of mail, like to be notified when such an event occurs. Notification can be; via a sound via a pop-up box via the system tray (where the computer clock is) The pop up box looks like this; Other people, who like myself, get too much mail would rather not be notified. The aim of this document is to tell you how (and where) to turn these options on and off. CHANGING YOUR SETTINGS To change your settings from the Notes 8.x client; On the Menu, click File , then Preferences... On the left hand side , click on the little plus sign to the left of Mail to expand the options. Click on the option marked Sending and Receiving . In the middle section, under receiving, you can control your notifications. If you untick the box mark
12 comments
Read more

How to Create an Auto-Response Mail Message in Lotus Notes 8.5.3+

Why would you do this? Suppose that you have an externally accessible generic email address for your company; support@mycompany.com or info@mycompany.com. You might expose this to the web and allow people to send messages to you. Setting up an auto-response email will tell the senders that their message reached its destination and that it will be dealt with accordingly.  It's also good practice to include links to FAQs or other useful information. Why 8.5.3 The techniques we'll be using here work in older versions of Notes but some of the options seem to have moved around in 8.5.3.  I figured it was a good time to show you where they've moved to. The Procedure Start Domino Designer and open the Mail file to be modified.  A really quick way to do this is to right-click on the application tab and choose "Open in Designer". In the Left hand panel of designer, expand Code and then double-click Agents.  A new window should appear. Click the action
22 comments
Read more