Skip to main content

Installing Multi-Factor Authentication for your Office 365 Users

Understanding MFA

In today's world passwords and pin numbers are simply not enough and muti-factor authentication (MFA) is increasingly required to combat fraud. MFA means that you need to use a secondary form of authentication, such as an app on your phone, in addition to a password when signing into systems. 

These instructions walk you through the process of setting up MFA for a user. You may need them if your user switches phones or has to have MFA disabled and re-enabled.

In the Admin Portal

While technically you could skip this step and go directly to the console via its url, it's probably easier for most people to find their way from the Admin portal, so that's where I'll start.
  1. Open the Office 365 Admin Portal. (https://admin.microsoft.com/)
  2. Click on Users, then on Active Users
  3. Click on the dots at the end of the menu and choose Setup Multifactor Authentication.
  4. This will take you to the MFA console. 

In the MFA console

  1. Click on the Magnifying Glass icon to search for the user you want to modify.
  2. Type their name in and press enter
  3. Click on their name to open a panel to the right.
  4. In the panel, click on the link marked Enable
  5. Click on the button marked Enable Muti-factor auth.
  6. If you're new to multi-factor authentication, Microsoft encourages you to read this guide
  7. It will take a few seconds then dialog box can be closed.

Note: there's a handy link marked manage user settings that will appear once MFA is enabled. It lets you push the following settings to users;
    • Require selected users to provide contact methods again
    • Delete all existing app passwords generated by the selected users
    • Restore multi-factor authentication on all remembered devices 

Adding the App

Your users should now install the Microsoft Authenticator App on their phones. It can be accessed via the Apple App store or the Google Play store.
Sometimes, the easiest way to help your users get the app is to send them to this page.
Once the Microsoft Authenticator app has been downloaded and installed;
Open it
  • Choose Add Account (you might have to push the three dot menu in the top right corner to get this option).
  • Choose Work or School Account
  • You'll be prompted to scan a QR Code. 

The QR Code

You should send your users this link: https://aka.ms/MFASetup via Email.
  • They'll be prompted to add secondary information, such as a backup email address and mobile number. 
  • They'll also have a QR Code displayed on their computer screen. 
  • If they point their phone with the Microsoft Authenticator message on it, at the computer screen, it will scan it in and connect. 

Finalising

The QR Code will activate the app on your phone, this takes a few moments (under a minute) and then it will do a test. You'll need to watch your phone and push Approve when the message appears.
From here on, the user will be prompted to approve the sign-in on their phone when they login to Office 365. Since the authenticator app isn't tied to a phone number, it will work on Wi-Fi overseas. 

Helping with Setup

If your user experience issues with the setup process and you have their device, you can do this via the Azure Portal.
  1. Go to the Azure Portal 
  2. Search and Locate your User under Users, All Users, Profile
  3. Under Authentication Contact Info, click the link marked Manage your other authentication contact information in your Access Panel Profile
  4. In the Access Panel Profile screen, click edit Security Info
  5. If you see any authenticator settings already on this screen, you may want to delete them (there's a warning but it's okay) -- this will clear any old authenticator information. 
  6. Click Add Security Info
  7. Choose Authenticator App
  8. The QR Code will be displayed and you'll be able to use the authenticator app on the user's device to scan it. 

Comments

Popular posts from this blog

How to Create an Auto-Response Mail Message in Lotus Notes 8.5.3+

Why would you do this? Suppose that you have an externally accessible generic email address for your company; support@mycompany.com or info@mycompany.com. You might expose this to the web and allow people to send messages to you. Setting up an auto-response email will tell the senders that their message reached its destination and that it will be dealt with accordingly.  It's also good practice to include links to FAQs or other useful information. Why 8.5.3 The techniques we'll be using here work in older versions of Notes but some of the options seem to have moved around in 8.5.3.  I figured it was a good time to show you where they've moved to. The Procedure Start Domino Designer and open the Mail file to be modified.  A really quick way to do this is to right-click on the application tab and choose "Open in Designer". In the Left hand panel of designer, expand Code and then double-click Agents.  A new window should appear. Click the action

How to Change Your Notification Options for New Lotus Notes Mail in version 8.x

Don't worry, I'm not patronizing you (my readers), I just decided to re-document this for one of our internal users and thought you might want to be able to use it in your own user documentation. WHAT IS THIS DOCUMENT ABOUT? Some people who don't get a lot of mail, like to be notified when such an event occurs. Notification can be; via a sound via a pop-up box via the system tray (where the computer clock is) The pop up box looks like this; Other people, who like myself, get too much mail would rather not be notified. The aim of this document is to tell you how (and where) to turn these options on and off. CHANGING YOUR SETTINGS To change your settings from the Notes 8.x client; On the Menu, click File , then Preferences... On the left hand side , click on the little plus sign to the left of Mail to expand the options. Click on the option marked Sending and Receiving . In the middle section, under receiving, you can control your notifications. If you untick the

How to Do a Mail Merge to Email using Lotus Notes

Why do one? In today's "green" world, it makes much better sense to send out emails than letters but you still want to personalize them. Sadly, by itself Lotus Notes doesn't support mail merge to email. Of course, we know that outlook does (but then it lets anyone and anything send emails for you - even when you don't want them to). So, how to do it in Notes? OpenNTF The first port of call is OpenNTF ( http://www.openntf.org/ ). This place is full of great things but most of them are really badly documented. Still, these guys give things away for free and they develop in their spare time, so we should be grateful for what we get. There's a great little project there called MailMerge Excel to Notes . Go there, click on releases and download the ZIP file. Getting to the Code The installation is tricky though I've noted that since I asked the author about the install, it's been updated (so maybe these steps are less necessary). Unzip the files to som