, , , , , , , ,

Azure Multi-Factor Authenticator App | HowTo | 3 of 3

Part One | Part Two | Part Three

Azure Multi-Factor Authenticator App: In Part One I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

In Part Two I covered:

  • Enrol Accounts for Office 365 Multi-Factor Authentication

Once Office 365 Multi-Factor Authentication has been enabled and the users enrolled it is sensible for your users to install the Microsoft Authenticator App. The App can be downloaded for a number of devices:


Once the Azure Multi-Factor Authenticator App has downloaded and installed on your device.

Log in to the portal here: https://portal.office.com

  1. Once logged in, click on the Profile Picture on the top right:

    Azure Multi-Factor Authentication Portal Step One

    Azure Multi-Factor Authentication Portal Step One

  2. Click on View account:

    Azure Multi-Factor Authentication Step Two

    Azure Multi-Factor Authentication Step Two

  3. Click on Security & Privacy:

    Azure Multi-Factor Authentication My Account Step Three

    Azure Multi-Factor Authentication My Account Step Three

  4. Click on Additional security verification:

    Azure Multi-Factor Authentication Security Privacy Step Four

    Azure Multi-Factor Authentication Security Privacy Step Four

  5. Click on Update your phone numbers used for account security:

    Azure Multi-Factor Authentication Additional Security Verification Step Five

    Azure Multi-Factor Authentication Additional Security Verification Step Five

  6. Select the Authenticator app tick box:

    Azure Multi-Factor Authentication Security Verification Options Step Six

    Azure Multi-Factor Authenticator App Security Verification Options Step Six

  7. While you are here you can add in the Alternate authentication phone. Click Configure:

    Azure Multi-Factor Authentication Security Verification Details Step Seven

    Azure Multi-Factor Authenticator App Security Verification Details Step Seven

  8. You should see the Configure mobile app message box:

    Azure Multi-Factor Authentication Retrieving App Step Eight

    Azure Multi-Factor Authenticator App Retrieving App Step Eight

  9. The Configure mobile app QR code will now display:

    Azure Multi-Factor Authentication Configure App Step Nine

    Azure Multi-Factor Authenticator App Configure App Step Nine

  10. Open your Authenticator App on your device. The example below is from an iPhone. Select the plus + sign in the top right:

    Azure Authenticator App for iPhone Step Ten

    Azure Authenticator App for iPhone Step Ten

  11. Select Work or school account:

    Azure Authenticator App for iPhone Account Step Eleven

    Azure Authenticator App for iPhone Account Step Eleven

  12. Point the camera of your device at your screen to detect the QR code. If you receive a notification to allow the App access to your camera, select Allow. Otherwise select the Or enter code manually:

    Azure Authenticator App for iPhone QR Code Step Twelve

    Azure Authenticator App for iPhone QR Code Step Twelve

  13. You should now have a new account:

    Azure Authenticator App for iPhone Complete Step Thirteen

    Azure Authenticator App for iPhone Complete Step Thirteen

  14. The activation status will now be checked:

    Azure Multi-Factor Authentication Checking Status Step Fourteen

    Azure Multi-Factor Authentication Checking Status Step Fourteen

  15. Click Save:

    Azure Multi-Factor Authentication App Configured Step Fifteen

    Azure Multi-Factor Authentication App Configured Step Fifteen

  16. Click Verify preferred option:

    Azure Multi-Factor Authentication Configure App Step Sixteen

    Azure Multi-Factor Authentication Configure App Step Sixteen

  17. You should now see the Verifying app notice:

    Azure Multi-Factor Authentication Verifying App Step Seventeen

    Azure Multi-Factor Authentication Verifying App Step Seventeen

  18. Open the Authenticator App on your device. Enter the code in the verification code box. The code will change every thirty seconds. Click Verify:

    Azure Multi-Factor Authentication Verification Code Step Eighteen

    Azure Multi-Factor Authentication Verification Code Step Eighteen

  19. If you receive a Verification failed error it’s most probably because you were too slow:). Click Retry and repeat steps 16, 17 and 18:

    Azure Multi-Factor Authentication Verification Failed Nineteen

    Azure Multi-Factor Authentication Verification Failed Nineteen

  20. Once successful you will see an Updates successful notice. Click Close:

    Azure Multi-Factor Authentication Setup Success Step Twenty

    Azure Multi-Factor Authentication Setup Success Step Twenty

  21. That’s it. You will now be returned to the Portal home page. I recommend using the Notify me through the app option by going through steps 1 to 5 to return to:

    Azure Multi-Factor Authentication Select Option Step Twenty One

    Azure Multi-Factor Authentication Select Option Step Twenty One

In order to test, log out of the portal then log back in. You will be prompted for your verification code or your device will notify you that verification is required depending upon which option you chose.

One final task is to create and assign App Passwords, which I will cover in two future posts: Office 365 App Password | HowTo | 1 of 2

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , ,

Office 365 Multi-Factor Authentication | HowTo | 2 of 3

Part One | Part Two | Part Three

Office 365 Multi-Factor Authentication: In Part One of Three I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

The next phase of the process is to enrol the user for Office 365 Multi-Factor Authentication.

Enrol Accounts for Office 365 Multi-Factor Authentication

Once the attribute has been enabled for their account via an administrator, the user now needs to register for . The user should sign in as normal:

  1. Log in to the portal here: https://portal.office.com using using their username and password. Click Sign in:
    Office 365 Multi-Factor Authentication Login Step One

    Login Step One

  2. The user will now see the below asking them to further verify their account. Click Set it up now:
    Office 365 Multi-Factor Authentication Set-Up Step Two

    Exchange Online MFA Set-Up Step Two

  3. The user will now see two drop-down option boxes. The first for the method and the second for location:
    Office 365 Multi-Factor Authentication Verify Step Three

    Office 365 MFA Verify Step Three

  4. I recommend using the Authentication phone option as we will assume the user has no contact details added in their profile. This allows them to select the country and set the number the text or call verification is sent to. Click Select you country or region, select the appropriate one for you. Enter your number to be contacted, the example is 123456789. Select the Send me a code by text message or Call me., the example is text message. Click Contact me:
    Office 365 Multi-Factor Authentication Verify Step Four

    Azure MFA Verify Step Four

  5. You will now be taken to Step 2, confirming that a text message has been sent to the telephone number with the country code you completed in 4 above.
    Office 365 Multi-Factor Authentication Send Text Step Five

    Exchange Online MFA Send Text Step Five

  6. You will receive a text message on your phone within 60 seconds. If you do not receive the verification code text, please check the number displayed in 5 above:
    Office 365 Multi-Factor Authentication Verify Code Step Six

    Office 365 MFA Verify Code Step Six

  7. Use the code from 6 and enter it in to the box, the example below is 373318. Click Verify:
    Office 365 Multi-Factor Authentication Add Code Step Seven

    Azure MFA Add Code Step Seven

  8. You have now verified your identity and will be given an App Password which can be used to access your email using an application, such as the Apple Mail App. I will cover App Passwords in more detail in Part Three. Click Done:
    Office 365 Multi-Factor Authentication Initial App Password Step Eight

    Exchange Online MFA Initial App Password Step Eight

  9. If this was a new user with a temporary password they will need to update their password and Sign in. Enter the Current passwordNew password and Confirm (new) Password:
    Office 365 Multi-Factor Authentication Password Update Step Nine

    Azure MFA Password Update Step Nine

  10. Click Update password and sign in:
    Office 365 Multi-Factor Authentication Password Update Step Ten

    Office 365 MFA Password Update Step Ten

  11. If you have self-service password recovery enabled will now need to enter additional information in order to recover access to your account. Click Next:
    Office 365 Multi-Factor Authentication Password Authorisation Step Eleven

    Azure MFA Password Authorisation Step Eleven

  12. Select the Authentication email Set it up now:
    Office 365 Multi-Factor Authentication Password Authorisation Step Twelve

    Exchange Online MFA Password Authorisation Step Twelve

  13. Enter an email address that you have access to, such as your personal email address. You cannot add any email domains which are associated with your Exchange Online Tenant as this needs to be unique to the user. Click email me:
    Office 365 Multi-Factor Authentication Password Additional Verification Step Thirteen

    Azure MFA Password Additional Verification Step Thirteen

  14. You will now receive a verification code via email to the address you entered in 13:
    Office 365 Multi-Factor Authentication Email Confirmation Step Fourteen

    Office 365 MFA Email Confirmation Step Fourteen

  15. Enter the code you received in 14 in the box, in the example the code is 836919. Click verify:
    Office 365 Multi-Factor Authentication Code Confirmation Step Fifteen

    Azure MFA Code Confirmation Step Fifteen

  16. We now need to set the Authentication phone. Select Verify:
    Office 365 Multi-Factor Authentication Phone Verify Step Sixteen

    Exchange Online MFA Phone Verify Step Sixteen

  17. In this step you will verify the number you used in 4. Click text me:
    Office 365 Multi-Factor Authentication Text Verify Step Seventeen

    Azure MFA Text Verify Step Seventeen

  18. You will receive a text message on your phone within 60 seconds:
    Office 365 Multi-Factor Authentication Text Verify Step Eighteen

    Office 365 MFA Text Verify Step Eighteen

  19. Use the code from 18 and enter it in to the box, in the example the code is 242564. Click Verify:
    Office 365 Multi-Factor Authentication Text Verify Step Nineteen

    Azure MFA Text Verify Step Nineteen

  20. You have now created two forms of verification and your account recovery details. Click finish:
    Office 365 Multi-Factor Authentication Verify Complete Step Twenty

    Exchange Online MFA Verify Complete Step Twenty

Enrol Authenticator App for Azure Multi-Factor Authentication

To enrol your user account for Office 365 Multi-Factor Authentication App and create App Passwords, continue to Part Three.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , ,

Exchange Online Multi-Factor Authentication | HowTo | 1 of 3

Part One | Part Two | Part Three

Exchange Online Multi-Factor Authentication: We’ve covered the notion of two-factor authentication (2FA) and Exchange Online multi-factor authentication (MFA) before, especially how you MUST enable it for sensitive accounts. I include all IT users, especially those with administrative access, plus any senior management user within the organisation, such as the MD/CEO as their email is sensitive enough to justify Exchange Online Multi-Factor Authentication.

Two-factor authentication (2FA) or multi-factor authentication (MFA) has been available in Office 365 for many years, but you must manually enable it for your users. Microsoft’s Authenticator App for Android, iOS, and Windows Phone means it is simpler than ever to execute MFA by using push notifications for verifying, instead of users typing in six digit codes.

Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

The geo-distributed, high availability design of Azure AD means that you can rely on it for your most critical business needs. With the prevalence of smart phones, tablets, laptops, and PCs, people have far too many options on how they are going to connect, and stay connected, at any time. Office 365 Multi-Factor Authentication and Exchange Online Multi-Factor Authentication through Azure Multi-Factor Authentication is an easy to use, scalable, and reliable solution that provides a second method of authentication so your users are always correctly authenticated.

People can securely access their accounts and applications from anywhere, which means that they can get more work done and serve customers better.

  • Two-step verification, which requires more than one method of authentication.This means a critical second layer of security is added when a user signs-in. It works by requiring two or more of the following:
    Something you know, a password for example
    Something you have, typically a trusted device that is not easily duplicated, like a phone
    Something you are, such as biometrics
  • It’s easy to use with a range of verification methods including text message, phone call, mobile app or email to alternate account.
    This means, due to the extra protection that comes with Azure Multi-Factor Authentication, users are able to manage their own devices and authenticate in the way they prefer based upon where they are.
  • Azure Multi-Factor Authentication is simple to set up and use. Once enabled, in many instances it can be set up with just a few simple clicks by the user.
    This means the burden of implementation is reduced and users are keen to adopt.
  • Verification with Azure Multi-Factor Authentication is scalable, using the power of the cloud whilst also optionally integrating with your on-premises Active Directory (AD) and custom applications.
    This means that protection is can be extended to your high-volume, mission-critical services.
  • Azure Multi-Factor Authentication provides strong authentication using the highest possible industry standards.
    This means you are not just secure, but also compliant. You can monitor application usage and protect your business from advanced threats with security reporting and monitoring.
  • With a guaranteed 99.9% Service Level Agreement (SLA) for availability, Azure Multi-Factor Authentication is reliable.
    This means you will always be able to authenticate. The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.

I use Azure MFA with Microsoft ’s OneDrive for Business, SharePoint Online, Office 2016 desktop Apps (I’m not confessing the use of Outlook 2016), mobile Office apps and Skype for Business all on Mac, Windows 8, Windows 10 and iOS and found no issues. However, there are services that need an App Password or are incompatible, so make sure you review all the software and services in use in your organisation. I’ll cover the use of App Passwords in Part 3 of 3.

It is important to note that previously administrative accounts were unable to use PowerShell with Azure multi-factor authentication enforced for the account. Microsoft recommended creating a special account for each admin user to access PowerShell for Office 365 and Exchange Online and that these accounts should be disabled when not in use. Which is clearly ridiculous, so earlier this year they fixed it with the Exchange Online Remote PowerShell Module! You will need to ensure that Modern Authentication is enabled in your Exchange Online tenant before you can use the module.

You must enable Modern Authentication to support Outlook 2016 and Outlook 2013 clients.

Enable modern authentication in Exchange Online

Modern authentication in Office 365 enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. By default, modern authentication is NOT enabled in Exchange Online, however, you can enable it:

  1. Connect to Exchange Online PowerShell:
    To enable Windows PowerShell to run signed scripts, run the following command in an elevated Windows PowerShell window (a Windows PowerShell window you open by selecting Run as administrator):

    Set-ExecutionPolicy RemoteSigned 

    You need to configure this setting only once on your computer, not every time you connect.

  2. Run the following command:
    $UserCredential = Get-Credential 

    In the Windows PowerShell Credential Request dialog box, type your Office 365 user name and password, and then click OK.

  3. Run the following command.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection 

  4. Run the following command:
    Import-PSSession $Session
  5. Run the following command in Exchange Online PowerShell:
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  6. To verify that the change was successful, run the following command in Exchange Online PowerShell:
    Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

When you enable modern authentication in Exchange Online, Microsoft recommend that you also enable it in Skype for Business Online. For instructions, see SkypeModernAuth. Modern authentication is enabled by default in SharePoint Online.

Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

Log in to the Office 365 admin portal here: https://portal.office.com using an administrator account.

1. From the menu on the left of the portal, expand Users and click Active users:

Office 365 Multi-Factor Authentication Admin Portal Step One

Office 365 MFA Admin Portal Step One

2. In the list of users, click the user you want to enable MFA. Only licensed users can use Office 365 Multi-Factor Authentication. On the user’s pane, click Manage multi-factor authentication under More settings:

Exchange Online Multi-Factor Authentication Select User Step Two

Exchange Online MFA Select User Step Two

3. From the multi-factor authentication display, select the user account to enable, and then click Enable under quick steps on the right:

Office 365 Multi-Factor Authentication User Step Three

Office 365 MFA User Step Three

4. In the About enabling multi-factor auth dialog box, click enable multi-factor authentication:

About Enabling Multi-Factor Authentication Step Four

About Enabling Azure MFA Step Four

5. You should see a dialogue with Enabling multi-factor Authentication:

Azure Enabling Multi-Factor Authentication Step Five

Enabling Azure MFA Step Five

6. Click close when you see Updates successful:

Azure Updates Successful Multi-Factor Authentication Step Six

Updates Successful for Azure MFA Step Six

The Multi-Factor Authentication Status column for the user will change to Enabled. Sign out from the admin portal and close the browser window.

Enrol Accounts for Office 365 & Exchange Online Multi-Factor Authentication

To enrol your user account for Office 365 Online Multi-Factor Authentication, continue to Part Two.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!