, , , , , , , ,

Azure Multi-Factor Authenticator App | HowTo | 3 of 3

Part One | Part Two | Part Three

Azure Multi-Factor Authenticator App: In Part One I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

In Part Two I covered:

  • Enrol Accounts for Office 365 Multi-Factor Authentication

Once Office 365 Multi-Factor Authentication has been enabled and the users enrolled it is sensible for your users to install the Microsoft Authenticator App. The App can be downloaded for a number of devices:


Once the Azure Multi-Factor Authenticator App has downloaded and installed on your device.

Log in to the portal here: https://portal.office.com

  1. Once logged in, click on the Profile Picture on the top right:

    Azure Multi-Factor Authentication Portal Step One

    Azure Multi-Factor Authentication Portal Step One

  2. Click on View account:

    Azure Multi-Factor Authentication Step Two

    Azure Multi-Factor Authentication Step Two

  3. Click on Security & Privacy:

    Azure Multi-Factor Authentication My Account Step Three

    Azure Multi-Factor Authentication My Account Step Three

  4. Click on Additional security verification:

    Azure Multi-Factor Authentication Security Privacy Step Four

    Azure Multi-Factor Authentication Security Privacy Step Four

  5. Click on Update your phone numbers used for account security:

    Azure Multi-Factor Authentication Additional Security Verification Step Five

    Azure Multi-Factor Authentication Additional Security Verification Step Five

  6. Select the Authenticator app tick box:

    Azure Multi-Factor Authentication Security Verification Options Step Six

    Azure Multi-Factor Authenticator App Security Verification Options Step Six

  7. While you are here you can add in the Alternate authentication phone. Click Configure:

    Azure Multi-Factor Authentication Security Verification Details Step Seven

    Azure Multi-Factor Authenticator App Security Verification Details Step Seven

  8. You should see the Configure mobile app message box:

    Azure Multi-Factor Authentication Retrieving App Step Eight

    Azure Multi-Factor Authenticator App Retrieving App Step Eight

  9. The Configure mobile app QR code will now display:

    Azure Multi-Factor Authentication Configure App Step Nine

    Azure Multi-Factor Authenticator App Configure App Step Nine

  10. Open your Authenticator App on your device. The example below is from an iPhone. Select the plus + sign in the top right:

    Azure Authenticator App for iPhone Step Ten

    Azure Authenticator App for iPhone Step Ten

  11. Select Work or school account:

    Azure Authenticator App for iPhone Account Step Eleven

    Azure Authenticator App for iPhone Account Step Eleven

  12. Point the camera of your device at your screen to detect the QR code. If you receive a notification to allow the App access to your camera, select Allow. Otherwise select the Or enter code manually:

    Azure Authenticator App for iPhone QR Code Step Twelve

    Azure Authenticator App for iPhone QR Code Step Twelve

  13. You should now have a new account:

    Azure Authenticator App for iPhone Complete Step Thirteen

    Azure Authenticator App for iPhone Complete Step Thirteen

  14. The activation status will now be checked:

    Azure Multi-Factor Authentication Checking Status Step Fourteen

    Azure Multi-Factor Authentication Checking Status Step Fourteen

  15. Click Save:

    Azure Multi-Factor Authentication App Configured Step Fifteen

    Azure Multi-Factor Authentication App Configured Step Fifteen

  16. Click Verify preferred option:

    Azure Multi-Factor Authentication Configure App Step Sixteen

    Azure Multi-Factor Authentication Configure App Step Sixteen

  17. You should now see the Verifying app notice:

    Azure Multi-Factor Authentication Verifying App Step Seventeen

    Azure Multi-Factor Authentication Verifying App Step Seventeen

  18. Open the Authenticator App on your device. Enter the code in the verification code box. The code will change every thirty seconds. Click Verify:

    Azure Multi-Factor Authentication Verification Code Step Eighteen

    Azure Multi-Factor Authentication Verification Code Step Eighteen

  19. If you receive a Verification failed error it’s most probably because you were too slow:). Click Retry and repeat steps 16, 17 and 18:

    Azure Multi-Factor Authentication Verification Failed Nineteen

    Azure Multi-Factor Authentication Verification Failed Nineteen

  20. Once successful you will see an Updates successful notice. Click Close:

    Azure Multi-Factor Authentication Setup Success Step Twenty

    Azure Multi-Factor Authentication Setup Success Step Twenty

  21. That’s it. You will now be returned to the Portal home page. I recommend using the Notify me through the app option by going through steps 1 to 5 to return to:

    Azure Multi-Factor Authentication Select Option Step Twenty One

    Azure Multi-Factor Authentication Select Option Step Twenty One

In order to test, log out of the portal then log back in. You will be prompted for your verification code or your device will notify you that verification is required depending upon which option you chose.

One final task is to create and assign App Passwords, which I will cover in two future posts: Office 365 App Password | HowTo | 1 of 2

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , ,

Cloud Network Providers | Connect Your Private Network to the Cloud

Organisations are not limited to only a single cloud network providers solution option. Furthermore, they’re not merely able to access valuable cloud resources via the Internet. We advocate a combination of the solutions below to form a resilient, high-speed, high-availability, hybrid cloud network.

We’ve covered Cloud Connect and Cloud Connectivity Providers previously. Subsequently, a customer asked us to provide an overview of the options that they had available to them. The brief was “How do I connect my private network to my cloud network providers”.

In order to implement a connection from their private network space to their cloud network providers, there were questions we needed to ask:

Will the connection be temporary or permanent?


Temporary connections limit available options because of the potential contractual commitments. These can often be mitigated by utilising existing arrangements if your current suppliers are flexible and technically capable.

What is the capacity required?


If you are moving a large volume of data utilising already hard pressed capacity via the Internet is going to struggle and will impact on existing usage. Bursting capacity for a short period of time may be an option, dependent upon your existing supplier delivery. Serviceteam IT have previously moved very large data volumes (tens of Terabytes) via 10Gbps internet access within our colocation provider.

How resilient does it need to be?


This is of course dependent upon how important access to the data you’ll have with the private cloud network provider. You should already have resilient access to the Internet. Meaning it will be simpler to ensure access to the cloud network provider is equally resilient.

Where will the connection be coming from?


Is the private network located at a fixed office site?

  1. Are there multiple office locations?
  2. How are the multiple office locations connected, physically and logically?
  3. What is the primary leased line from the site? Is it fibre Ethernet?
  4. Does the primary leased line provider support 802.1Q VLANs?
  5. What major data centres, such as Telehouse or Telecity, is the primary leased line provider present in?
  6. What resiliency exists for the leased line?
  7. Who provides the physical connectivity resiliency?
  8. Who manages the physical and logical resiliency?
  9. Is the logical private network resilient, such as failover routes via alternate leased line providers to another site?
  10. What firewall devices are present at the site?
  11. How are they configured, such as High Availability Active/Active?
  12. Are site-to-site licenses available on the devices?
  13. Are there VPN failover policies enabled?
  14. Who manages these devices?
  15. Do the office locations have sufficient internet access capacity?
  16. Is there sufficient fibre Ethernet capacity to upgrade internet access?

Is the private network in a colocation facility?

  1. Are there multiple colocation facilities?
  2. Who provides the network connectivity between the facilities?
  3. Do the colocation providers supply backhaul via 802.1Q VLANs?
  4. What physical and logical connectivity resiliency is in place?
  5. Are the colocation providers supplying Managed Internet Access (MIA)?
  6. How are they connecting you to the internet, such as their own feed or a third party transit provider?
  7. How are the public peering arrangements organised? What are the private peering arrangements?
  8. In which major data centres, such as Telehouse or Telecity, are the colocation providers present in.
  9. What firewall devices are present at the colocation sites?
  10. Who manages the firewall devices?
  11. What edge routers do they operate?

As an aside, we’ve worked with customers who have infrastructure in colocation facilities, where not only has the colocation facility been unable to supply backhaul via 802.1Q VLANs, but also had no internet peering arrangements. They at least had two colocation facilities for resilience!



Virtual Private Network (VPN)

In almost all cases, public cloud services begin via publicly accessible services, such as websites. As organisations become ever increasingly comfortable with public cloud, the practicalities of hosting more business critical information increases. And yet, the security of the information and access to the information remains paramount. An Internet VPN is the first, and arguably the simplest, option. It provides the shortest lead time of all of the options.

Public cloud providers offer VPN appliances, or an option for native VPN through the cloud providers control panel. Device support includes many options from hardware VPN concentrators to OS-based VPN solutions, such as OpenVPN. Cloud network providers will charge for the compute instances hosting the VPN appliance. Bear in mind cloud network providers charge for the bandwidth. Data transferred via a VPN counts against data transfer cost. There are no minimum commitments associated with VPN options. VPN connections to the cloud network provider are most suited to temporary or network failover.

Direct Connectivity

The VPN option limits the ability to offer a consistent experience over a common internet connection. It’s bandwidth you share with user and service access, which can become saturated with high capacity users, or reduce service effectiveness for voice and video. For a far more predictable connection, cloud network providers offer direct private connections via major data centre facilities.

Cloud providers ordinarily partner with large data centre operators. These operators terminate multiple cloud provider networks into their facilities, often via a meet-me room. Other providers rent facilities from these data centre providers, and the data centre provider offers a cross-connect, known as an Xconnect, from the cloud provider’s facilities to customer facilities. This can sometimes involve many parties. For example, if your private network is located in a colocation data centre, you will need to:

Creating your own connection to Cloud Network Providers

  • create a VLAN to the local edge router, lets call it A, of the colocation provider;
  • backhaul via a VLAN to an edge router, lets call it B, of your third party colocation provider in the major data centre provider facility;
  • set-up a cross-connect from edge router B, to the edge router, lets call it C, of the major data centre provider;
  • install a cross-connect from edge router C, to the edge router, lets call it D, of the probable additional cabling provider within the facility;
  • organise a cross-connect from edge router D, to the edge router, lets call it E, of the cloud network provider;
  • enable a Cloud Connect service from edge router E, to the LAN, lets call it F, of the VPC;
  • in each of the steps you will have options for either a port based VLAN or an ID based VLAN, sometimes both, sometimes only one;
  • once all the physical connections have been enabled and tested, then the real fun begins as you have to logically address and apply a routing schema, ordinarily BGP, between your private network and the cloud network provider.


Direct connections generally come in two Ethernet speeds of 1Gbps or 10Gbps. With AWS you then have a CDR, which is carried over the Ethernet capacity, and is a minimum of 10Mbps. The data centre provider charges for the cross connect, while the cloud provider charges for the port, and everyone else charges for backhauls and cabling.

Most cloud providers allow unlimited transfer over direct connect, which brings down the per gigabyte transfer cost. Often the major data centre providers offer shorter terms, such as 1-month commitments. Cross-connects usually carry a 12 month term. Customers can leverage the shorter commitments for short-term projects to transfer lots of data, or to test a new service from a cloud provider.

Connect to Cloud Network Providers with Serviceteam IT

Telco providers are increasingly offering services based on a Cloud Connect model. Capacity (speeds) between 1Gbps and 10Gps are more desirable. Telco providers bundle connectivity to a cloud network provider. More often, these connections are Cloud Connect to the major data centre providers without the complications of cross connects or VLAN type mismatch, robust physical failover and resilience of the route with a cohesive routing schema between the private network to the cloud network provider.

Organisations have a far wider variety of connectivity options. Telco providers can offer Ethernet connection options with MPLS and VPLS to your preferred cloud network provider. This can be delivered as one-to-many, many-to-one or many-to-many. Telco terms don’t always mimic existing WAN commitment lengths, ordinarily 24 or 36 months, as we have contracts with 36 month resilient fibre Ethernet connections and only 12 month Cloud Connect services carried over the resilient fibre Ethernet.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , ,

Office 365 Multi-Factor Authentication | HowTo | 2 of 3

Part One | Part Two | Part Three

Office 365 Multi-Factor Authentication: In Part One of Three I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

The next phase of the process is to enrol the user for Office 365 Multi-Factor Authentication.

Enrol Accounts for Office 365 Multi-Factor Authentication

Once the attribute has been enabled for their account via an administrator, the user now needs to register for . The user should sign in as normal:

  1. Log in to the portal here: https://portal.office.com using using their username and password. Click Sign in:
    Office 365 Multi-Factor Authentication Login Step One

    Login Step One

  2. The user will now see the below asking them to further verify their account. Click Set it up now:
    Office 365 Multi-Factor Authentication Set-Up Step Two

    Exchange Online MFA Set-Up Step Two

  3. The user will now see two drop-down option boxes. The first for the method and the second for location:
    Office 365 Multi-Factor Authentication Verify Step Three

    Office 365 MFA Verify Step Three

  4. I recommend using the Authentication phone option as we will assume the user has no contact details added in their profile. This allows them to select the country and set the number the text or call verification is sent to. Click Select you country or region, select the appropriate one for you. Enter your number to be contacted, the example is 123456789. Select the Send me a code by text message or Call me., the example is text message. Click Contact me:
    Office 365 Multi-Factor Authentication Verify Step Four

    Azure MFA Verify Step Four

  5. You will now be taken to Step 2, confirming that a text message has been sent to the telephone number with the country code you completed in 4 above.
    Office 365 Multi-Factor Authentication Send Text Step Five

    Exchange Online MFA Send Text Step Five

  6. You will receive a text message on your phone within 60 seconds. If you do not receive the verification code text, please check the number displayed in 5 above:
    Office 365 Multi-Factor Authentication Verify Code Step Six

    Office 365 MFA Verify Code Step Six

  7. Use the code from 6 and enter it in to the box, the example below is 373318. Click Verify:
    Office 365 Multi-Factor Authentication Add Code Step Seven

    Azure MFA Add Code Step Seven

  8. You have now verified your identity and will be given an App Password which can be used to access your email using an application, such as the Apple Mail App. I will cover App Passwords in more detail in Part Three. Click Done:
    Office 365 Multi-Factor Authentication Initial App Password Step Eight

    Exchange Online MFA Initial App Password Step Eight

  9. If this was a new user with a temporary password they will need to update their password and Sign in. Enter the Current passwordNew password and Confirm (new) Password:
    Office 365 Multi-Factor Authentication Password Update Step Nine

    Azure MFA Password Update Step Nine

  10. Click Update password and sign in:
    Office 365 Multi-Factor Authentication Password Update Step Ten

    Office 365 MFA Password Update Step Ten

  11. If you have self-service password recovery enabled will now need to enter additional information in order to recover access to your account. Click Next:
    Office 365 Multi-Factor Authentication Password Authorisation Step Eleven

    Azure MFA Password Authorisation Step Eleven

  12. Select the Authentication email Set it up now:
    Office 365 Multi-Factor Authentication Password Authorisation Step Twelve

    Exchange Online MFA Password Authorisation Step Twelve

  13. Enter an email address that you have access to, such as your personal email address. You cannot add any email domains which are associated with your Exchange Online Tenant as this needs to be unique to the user. Click email me:
    Office 365 Multi-Factor Authentication Password Additional Verification Step Thirteen

    Azure MFA Password Additional Verification Step Thirteen

  14. You will now receive a verification code via email to the address you entered in 13:
    Office 365 Multi-Factor Authentication Email Confirmation Step Fourteen

    Office 365 MFA Email Confirmation Step Fourteen

  15. Enter the code you received in 14 in the box, in the example the code is 836919. Click verify:
    Office 365 Multi-Factor Authentication Code Confirmation Step Fifteen

    Azure MFA Code Confirmation Step Fifteen

  16. We now need to set the Authentication phone. Select Verify:
    Office 365 Multi-Factor Authentication Phone Verify Step Sixteen

    Exchange Online MFA Phone Verify Step Sixteen

  17. In this step you will verify the number you used in 4. Click text me:
    Office 365 Multi-Factor Authentication Text Verify Step Seventeen

    Azure MFA Text Verify Step Seventeen

  18. You will receive a text message on your phone within 60 seconds:
    Office 365 Multi-Factor Authentication Text Verify Step Eighteen

    Office 365 MFA Text Verify Step Eighteen

  19. Use the code from 18 and enter it in to the box, in the example the code is 242564. Click Verify:
    Office 365 Multi-Factor Authentication Text Verify Step Nineteen

    Azure MFA Text Verify Step Nineteen

  20. You have now created two forms of verification and your account recovery details. Click finish:
    Office 365 Multi-Factor Authentication Verify Complete Step Twenty

    Exchange Online MFA Verify Complete Step Twenty

Enrol Authenticator App for Azure Multi-Factor Authentication

To enrol your user account for Office 365 Multi-Factor Authentication App and create App Passwords, continue to Part Three.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , ,

Exchange Online Multi-Factor Authentication | HowTo | 1 of 3

Part One | Part Two | Part Three

Exchange Online Multi-Factor Authentication: We’ve covered the notion of two-factor authentication (2FA) and Exchange Online multi-factor authentication (MFA) before, especially how you MUST enable it for sensitive accounts. I include all IT users, especially those with administrative access, plus any senior management user within the organisation, such as the MD/CEO as their email is sensitive enough to justify Exchange Online Multi-Factor Authentication.

Two-factor authentication (2FA) or multi-factor authentication (MFA) has been available in Office 365 for many years, but you must manually enable it for your users. Microsoft’s Authenticator App for Android, iOS, and Windows Phone means it is simpler than ever to execute MFA by using push notifications for verifying, instead of users typing in six digit codes.

Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

The geo-distributed, high availability design of Azure AD means that you can rely on it for your most critical business needs. With the prevalence of smart phones, tablets, laptops, and PCs, people have far too many options on how they are going to connect, and stay connected, at any time. Office 365 Multi-Factor Authentication and Exchange Online Multi-Factor Authentication through Azure Multi-Factor Authentication is an easy to use, scalable, and reliable solution that provides a second method of authentication so your users are always correctly authenticated.

People can securely access their accounts and applications from anywhere, which means that they can get more work done and serve customers better.

  • Two-step verification, which requires more than one method of authentication.This means a critical second layer of security is added when a user signs-in. It works by requiring two or more of the following:
    Something you know, a password for example
    Something you have, typically a trusted device that is not easily duplicated, like a phone
    Something you are, such as biometrics
  • It’s easy to use with a range of verification methods including text message, phone call, mobile app or email to alternate account.
    This means, due to the extra protection that comes with Azure Multi-Factor Authentication, users are able to manage their own devices and authenticate in the way they prefer based upon where they are.
  • Azure Multi-Factor Authentication is simple to set up and use. Once enabled, in many instances it can be set up with just a few simple clicks by the user.
    This means the burden of implementation is reduced and users are keen to adopt.
  • Verification with Azure Multi-Factor Authentication is scalable, using the power of the cloud whilst also optionally integrating with your on-premises Active Directory (AD) and custom applications.
    This means that protection is can be extended to your high-volume, mission-critical services.
  • Azure Multi-Factor Authentication provides strong authentication using the highest possible industry standards.
    This means you are not just secure, but also compliant. You can monitor application usage and protect your business from advanced threats with security reporting and monitoring.
  • With a guaranteed 99.9% Service Level Agreement (SLA) for availability, Azure Multi-Factor Authentication is reliable.
    This means you will always be able to authenticate. The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.

I use Azure MFA with Microsoft ’s OneDrive for Business, SharePoint Online, Office 2016 desktop Apps (I’m not confessing the use of Outlook 2016), mobile Office apps and Skype for Business all on Mac, Windows 8, Windows 10 and iOS and found no issues. However, there are services that need an App Password or are incompatible, so make sure you review all the software and services in use in your organisation. I’ll cover the use of App Passwords in Part 3 of 3.

It is important to note that previously administrative accounts were unable to use PowerShell with Azure multi-factor authentication enforced for the account. Microsoft recommended creating a special account for each admin user to access PowerShell for Office 365 and Exchange Online and that these accounts should be disabled when not in use. Which is clearly ridiculous, so earlier this year they fixed it with the Exchange Online Remote PowerShell Module! You will need to ensure that Modern Authentication is enabled in your Exchange Online tenant before you can use the module.

You must enable Modern Authentication to support Outlook 2016 and Outlook 2013 clients.

Enable modern authentication in Exchange Online

Modern authentication in Office 365 enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. By default, modern authentication is NOT enabled in Exchange Online, however, you can enable it:

  1. Connect to Exchange Online PowerShell:
    To enable Windows PowerShell to run signed scripts, run the following command in an elevated Windows PowerShell window (a Windows PowerShell window you open by selecting Run as administrator):

    Set-ExecutionPolicy RemoteSigned 

    You need to configure this setting only once on your computer, not every time you connect.

  2. Run the following command:
    $UserCredential = Get-Credential 

    In the Windows PowerShell Credential Request dialog box, type your Office 365 user name and password, and then click OK.

  3. Run the following command.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection 

  4. Run the following command:
    Import-PSSession $Session
  5. Run the following command in Exchange Online PowerShell:
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  6. To verify that the change was successful, run the following command in Exchange Online PowerShell:
    Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

When you enable modern authentication in Exchange Online, Microsoft recommend that you also enable it in Skype for Business Online. For instructions, see SkypeModernAuth. Modern authentication is enabled by default in SharePoint Online.

Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

Log in to the Office 365 admin portal here: https://portal.office.com using an administrator account.

1. From the menu on the left of the portal, expand Users and click Active users:

Office 365 Multi-Factor Authentication Admin Portal Step One

Office 365 MFA Admin Portal Step One

2. In the list of users, click the user you want to enable MFA. Only licensed users can use Office 365 Multi-Factor Authentication. On the user’s pane, click Manage multi-factor authentication under More settings:

Exchange Online Multi-Factor Authentication Select User Step Two

Exchange Online MFA Select User Step Two

3. From the multi-factor authentication display, select the user account to enable, and then click Enable under quick steps on the right:

Office 365 Multi-Factor Authentication User Step Three

Office 365 MFA User Step Three

4. In the About enabling multi-factor auth dialog box, click enable multi-factor authentication:

About Enabling Multi-Factor Authentication Step Four

About Enabling Azure MFA Step Four

5. You should see a dialogue with Enabling multi-factor Authentication:

Azure Enabling Multi-Factor Authentication Step Five

Enabling Azure MFA Step Five

6. Click close when you see Updates successful:

Azure Updates Successful Multi-Factor Authentication Step Six

Updates Successful for Azure MFA Step Six

The Multi-Factor Authentication Status column for the user will change to Enabled. Sign out from the admin portal and close the browser window.

Enrol Accounts for Office 365 & Exchange Online Multi-Factor Authentication

To enrol your user account for Office 365 Online Multi-Factor Authentication, continue to Part Two.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivitycommunicationcontinuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!

, , , , , , , , ,

Cyber Security: Office 365 as 802.1X RADIUS Password Authentication

Cyber security is critical. Secure your wireless network via 802.1X RADIUS using Office 365 with Azure AD for password authentication delegation with directory sync. Implement 802.1x RADIUS on almost any access point in minutes and for free.

If you purchase new, or renew existing, Office 365 licences:

SAVE AT LEAST 5%

This includes Exchange Online, SharePoint Online, Skype for Business, OneDrive for Business and the entire suite of Office 365 pricing.

Cyber Security Office 365 and 802.1X RADIUS

Security is paramount for any business, especially given the rise in cyber attacks, data thefts and major network breaches. I won’t list the major names, as that’s been done, but you can read the Cyber Security Breaches Survey 2016.  Much of that research was aimed at larger organisations, even though it’s far easier for enterprise-level companies to secure their resources. But what about the rest of us, Startups, Micro-Businesses and Small to Medium sized organisations?
We ourselves use Foxpass for network access control and cyber security, and have deployed this service for our customers. Foxpass has a mission to foster better identity management in the workplace, whilst being easy to deploy and cost effective to acquire. It’s a service organisations of any size will be able to use to get the exact same level of infrastructure security that large enterprises enjoy.

Why is wireless a cyber security issue?

In many of the companies I talk to, employees, contractors and one time visitors share the same login credentials when it comes to accessing the Internet via wireless. So far so good, however, virtually every startup or small business uses that same wireless access point to connect to internal systems. Be that a file server or individual user computers. In all honesty, I’m by no means an authority on 802.1X Radius, but my opinion is the benefits of using 802.1X RADIUS security with Office 365 and Azure AD for authentication far outweigh the disadvantages.

How hard can it be to hack a WiFi network?

https://null-byte.wonderhowto.com/how-to/hack-wi-fi-get-anyones-wi-fi-password-without-cracking-using-wifiphisher-0165154/


Why should we use 802.1x RADIUS for security?

  1. When a user authenticates to an SSID using 802.1X RADIUS that session is encrypted between the user and the access point.This means that another user connected to the same SSID cannot sniff the traffic and acquire information as they have a unique encryption key for their connection. With a Pre-Shared Key (PSK) network, every device is connected with “shared encryption”, meaning they can all see each other’s traffic.
  2. If you need to remove or disable a specific user or device, 802.1x RADIUS makes this far simpler as you disconnect a single user or device.This means you will not need to change the key for everyone, or all devices, closing the security risk of that user or device joining the network again.
  3. You can assign specific network permissions and policies such as VLAN, firewall, QoS, tunneling, schedules, access control lists.This means everything within a user profile can be dynamically assigned to users based on their identity or groups where users are members. With a Pre-Shared Key, you get a single profile that is shared. Using 802.1X RADIUS, different permissions based on the attribute returned from the RADIUS server are assigned.
  4. With 802.1X RADIUS each user gets a new unique key every time the user authenticates. This key continuously changes while the user is authenticated to the wireless network.This means If it takes a cracker one hour to crack the key, but the key is regenerating every thirty minutes, by the time the cracker has the key it is useless.

Why use Office 365 and Azure Multi-Factor Authentication?

The geo-distributed, high availability design of Azure AD means that you can rely on it for your most critical business needs. With the prevalence of smart phones, tablets, laptops, and PCs, people have far too many different options on how they are going to connect, and stay connected, at any time. Azure Multi-Factor Authentication is an easy to use, scalable, and reliable solution that provides a second method of authentication so your users are always correctly authenticated.
People can access their accounts and applications from anywhere, which means that they can get more work done and serve customers better.

  1. Two-step verification, which requires more than one method of authentication.This means a critical second layer of security is added when a user signs-in. It works by requiring two or more of the following:Something you know, a password for example
    Something you have, typically a trusted device that is not easily duplicated, like a phone
    Something you are, such as biometrics
  2. It’s easy to use with a range of verification methods including text message, phone call, mobile app or email to alternate account.This means, due to the extra protection that comes with Azure Multi-Factor Authentication, users are able to manage their own devices and authenticate in the way they prefer based upon where they are.
  3. Azure Multi-Factor Authentication is simple to set up and use. Once enabled, in many instances it can be set up with just a few simple clicks by the user.This means the burden of implementation is reduced and users are keen to adopt.
  4. Verification with Azure Multi-Factor Authentication is scalable, using the power of the cloud whilst also optionally integrating with your on-premises Active Directory (AD) and custom applications.This means that protection is can be extended to your high-volume, mission-critical services.
  5. Azure Multi-Factor Authentication provides strong authentication using the highest possible industry standards.This means you are not just secure, but also compliant. You can monitor application usage and protect your business from advanced threats with security reporting and monitoring.
  6. With a guaranteed 99.9% Service Level Agreement (SLA) for availability, Azure Multi-Factor Authentication is reliable.This means you will always be able to authenticate. The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.

In a future post I’ll add some instructions of how to enable 802.1X RADIUS in a wireless network using Foxpass. In order to offer our clients complete peace of mind regarding cyber security, we’re a Silver Productivity Partner with Microsoft. We partner with select providers, such as Foxpass, targeting our customers specific cyber security needs.


With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!