
Ransomware Backup Protection | 1 of 2

Given the breach at the UK Government’s leader in all things cyber security, the National Cyber Security Centre, perhaps now is a good time to discuss cyber security again, especially ransomware backup protection? As a little background, the NCSC was opened to much fanfare by Her Majesty the Queen, and is headed up by chief executive Ciaran Martin, Director-General Cyber at GCHQ. The centre was announced by the then chancellor, George Osborne, with £1.9 billion being made available for tackling cyber crime by 2020. Interestingly, the budget indicated an undisclosed amount to launch cyber attacks against terrorists and other countries.

To sum up, they have the right people, they have plenty of money, they have the full backing of government and industry. So why exactly do they not have a clue? The deliverables of the Cyber Security Essentials are, in my opinion, woefully inadequate, with the assumption of an organisation’s IT being in the 20th Century and not the 21st Century. By way of a simple example, their infographic regarding Password Guidance is nothing short of laughable. Such as, “Only use passwords where they are needed?” Passwords are a minimum requirement for every single element of an organisational network. No ifs or buts, which I said in Password, encryption and good Practice in 2015. I can’t stress enough the importance of Multi-Factor Authentication alongside passwords.

Why use Ransomware Backup Protection?

Using the recent WannaCry Ransomware incident as an example of how ransomware backup protection should be used, in October 2016 the NCSC published the guidance Protecting your organisation from ransomware. In the original guidance they recommended:

“Backups should be considered a last resort only, as the adoption of good security practices will mean not getting ransomware in the first place.”

Where I agree wholeheartedly with good practice to begin with, ransomware backup protection must form part of that. In mid-December they received feedback that “this line could be misinterpreted by a busy reader as”

“the NCSC does not advocate keeping backups”

Which therefore precipitated clarification, almost a month later! Backing up a bit, proving the Technical Director for Assurance has a sense of humour at least, although falling short of recommending ransomware backup protection:

“Just to be clear: the NCSC recommend organisations use backups as a way to help mitigate against a wide range of potentially catastrophic problems, such as fire, theft, flooding, and – naturally – ransomware. Our intention with this paragraph was to note that whilst a backup can help minimise the harm that a ransomware incident causes to an organisation (assuming the backup is current, and is not able to be compromised itself by the ransomware), backups shouldn’t be seen as the primary defence against ransomware. Backups are a last resort, rather than a primary protection. It’s better to design and operate your systems in such a way as to minimise the chances of ransomware gaining a foothold, and to use backups as a mitigation should this occur.”

Right then. Ransomware backup protection is good, according to the NCSC. In part two I’ll discuss what to back up, and how to back up, whilst still wondering that perhaps the undisclosed element of the £1.9 billion was the greater proportion of the pot. And constantly looking over my shoulder, as I’m probably on a list, because of Britain’s nuclear submarines at risk of same cyber attack that crippled the NHS say experts on 21st May. The 36 page follow-up report, released by BASIC last week, HACKING UK TRIDENT: A Growing Threat makes really interesting reading.

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!


Azure Multi-Factor Authenticator App | HowTo | 3 of 3

Part One | Part Two | Part Three

Azure Multi-Factor Authenticator App: In Part One I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

In Part Two I covered:

  • Enrol Accounts for Office 365 Multi-Factor Authentication

Once Office 365 Multi-Factor Authentication has been enabled and the users enrolled it is sensible for your users to install the Microsoft Authenticator App. The App can be downloaded for a number of devices:


Once the Azure Multi-Factor Authenticator App has been downloaded and installed on your device, log in to the portal here: https://portal.office.com

  1. Once logged in, click on the Profile Picture on the top right:

  2. Click on View account:

  3. Click on Security & Privacy:

  4. Click on Additional security verification:

  5. Click on Update your phone numbers used for account security:

  6. Select the Authenticator app tick box:

  7. While you are here you can add in the Alternate authentication phone. Click Configure:

  8. You should see the Configure mobile app message box:

  9. The Configure mobile app QR code will now display:

  10. Open your Authenticator App on your device. The steps shown here are from an iPhone. Select the plus + sign in the top right:

  11. Select Work or school account:

  12. Point the camera of your device at your screen to detect the QR code. If you receive a notification to allow the App access to your camera, select Allow. Otherwise select Or enter code manually:

  13. You should now have a new account:

  14. The activation status will now be checked:

  15. Click Save:

  16. Click Verify preferred option:

  17. You should now see the Verifying app notice:

  18. Open the Authenticator App on your device. Enter the code in the verification code box. The code will change every thirty seconds. Click Verify:

  19. If you receive a Verification failed error it’s most probably because you were too slow :). Click Retry and repeat steps 16, 17 and 18:

  20. Once successful you will see an Updates successful notice. Click Close:

  21. That’s it. You will now be returned to the Portal home page. I recommend using the Notify me through the app option, which you can select by going through steps 1 to 5 again to return to the security verification options.

In order to test, log out of the portal then log back in. You will be prompted for your verification code or your device will notify you that verification is required depending upon which option you chose.
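
The thirty-second code in step 18 and the Verification failed error in step 19, as an added example that is not part of the original post: a sketch of standard OATH TOTP (RFC 6238), assumed here to be the scheme behind the Authenticator App's six-digit codes. The secret is the published RFC test key, and the drift window and replay check are assumed verifier parameters, not documented Azure settings.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the page: "The code will change every thirty seconds"
DIGITS = 6         # six-digit verification codes

# Constructed sample secret: the published RFC 4226 / RFC 6238 test key,
# standing in for the secret carried by the QR code scanned in step 12.
SAMPLE_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float) -> str:
    """RFC 6238: the counter is the number of whole 30-second steps since the epoch."""
    return hotp(secret, int(unix_time) // STEP_SECONDS)


def verify(secret, submitted, server_time, drift_steps=1, last_used_step=None):
    """Return the time step whose code matched, or None if the code is rejected.

    drift_steps    -- steps either side of the server's current step that are
                      still accepted (assumed value; a wider window is more
                      forgiving of slow typing but gives a stolen code longer to live)
    last_used_step -- newest step already accepted for this account, so a code
                      cannot be replayed inside its own validity window
    """
    current = int(server_time) // STEP_SECONDS
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step < 0:
            continue
        # Constant-time comparison of the expected and submitted codes.
        if hmac.compare_digest(hotp(secret, step), submitted):
            if last_used_step is not None and step <= last_used_step:
                return None  # already used: treat as a replay
            return step
    return None


def demo():
    """The user reads the code at t=59s, then types it at different moments."""
    code = totp(SAMPLE_SECRET, 59)
    return {
        "code": code,
        "typed_immediately": verify(SAMPLE_SECRET, code, 59),
        "typed_30s_late": verify(SAMPLE_SECRET, code, 89),
        "typed_66s_late": verify(SAMPLE_SECRET, code, 125),  # "too slow"
        "strict_window_1s_late": verify(SAMPLE_SECRET, code, 60, drift_steps=0),
        "replayed": verify(SAMPLE_SECRET, code, 59, last_used_step=1),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```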

One final task is to create and assign App Passwords, which I will cover in two future posts: Office 365 App Password | HowTo | 1 of 2


Cloud Network Providers | Connect Your Private Network to the Cloud

Organisations are not limited to a single cloud network provider’s solution. Furthermore, they’re not merely able to access valuable cloud resources via the Internet. We advocate a combination of the solutions below to form a resilient, high-speed, high-availability, hybrid cloud network.

We’ve covered Cloud Connect and Cloud Connectivity Providers previously. Subsequently, a customer asked us to provide an overview of the options that they had available to them. The brief was “How do I connect my private network to my cloud network providers”.

In order to implement a connection from their private network space to their cloud network providers, there were questions we needed to ask:

Will the connection be temporary or permanent?


Temporary connections limit available options because of the potential contractual commitments. These can often be mitigated by utilising existing arrangements if your current suppliers are flexible and technically capable.

What is the capacity required?


If you are moving a large volume of data, utilising already hard-pressed capacity via the Internet is going to be a struggle and will impact existing usage. Bursting capacity for a short period of time may be an option, dependent upon your existing supplier delivery. Serviceteam IT have previously moved very large data volumes (tens of Terabytes) via 10Gbps internet access within our colocation provider.

How resilient does it need to be?


This is of course dependent upon how important access to the data you’ll hold with the private cloud network provider is. You should already have resilient access to the Internet, meaning it will be simpler to ensure access to the cloud network provider is equally resilient.

Where will the connection be coming from?


Is the private network located at a fixed office site?

  1. Are there multiple office locations?
  2. How are the multiple office locations connected, physically and logically?
  3. What is the primary leased line from the site? Is it fibre Ethernet?
  4. Does the primary leased line provider support 802.1Q VLANs?
  5. What major data centres, such as Telehouse or Telecity, is the primary leased line provider present in?
  6. What resiliency exists for the leased line?
  7. Who provides the physical connectivity resiliency?
  8. Who manages the physical and logical resiliency?
  9. Is the logical private network resilient, such as failover routes via alternate leased line providers to another site?
  10. What firewall devices are present at the site?
  11. How are they configured, such as High Availability Active/Active?
  12. Are site-to-site licenses available on the devices?
  13. Are there VPN failover policies enabled?
  14. Who manages these devices?
  15. Do the office locations have sufficient internet access capacity?
  16. Is there sufficient fibre Ethernet capacity to upgrade internet access?

Is the private network in a colocation facility?

  1. Are there multiple colocation facilities?
  2. Who provides the network connectivity between the facilities?
  3. Do the colocation providers supply backhaul via 802.1Q VLANs?
  4. What physical and logical connectivity resiliency is in place?
  5. Are the colocation providers supplying Managed Internet Access (MIA)?
  6. How are they connecting you to the internet, such as their own feed or a third party transit provider?
  7. How are the public peering arrangements organised? What are the private peering arrangements?
  8. In which major data centres, such as Telehouse or Telecity, are the colocation providers present?
  9. What firewall devices are present at the colocation sites?
  10. Who manages the firewall devices?
  11. What edge routers do they operate?

As an aside, we’ve worked with customers who have infrastructure in colocation facilities, where not only has the colocation facility been unable to supply backhaul via 802.1Q VLANs, but also had no internet peering arrangements. They at least had two colocation facilities for resilience!



Virtual Private Network (VPN)

In almost all cases, public cloud services begin via publicly accessible services, such as websites. As organisations become ever increasingly comfortable with public cloud, the practicalities of hosting more business critical information increases. And yet, the security of the information and access to the information remains paramount. An Internet VPN is the first, and arguably the simplest, option. It provides the shortest lead time of all of the options.

Public cloud providers offer VPN appliances, or an option for native VPN through the cloud provider’s control panel. Device support includes many options, from hardware VPN concentrators to OS-based VPN solutions such as OpenVPN. Cloud network providers will charge for the compute instances hosting the VPN appliance. Bear in mind that cloud network providers also charge for bandwidth: data transferred via a VPN counts against data transfer cost. There are no minimum commitments associated with VPN options. VPN connections to the cloud network provider are most suited to temporary connections or network failover.

Direct Connectivity

The VPN option limits the ability to offer a consistent experience over a common internet connection. It’s bandwidth you share with user and service access, which can become saturated with high capacity users, or reduce service effectiveness for voice and video. For a far more predictable connection, cloud network providers offer direct private connections via major data centre facilities.

Cloud providers ordinarily partner with large data centre operators. These operators terminate multiple cloud provider networks into their facilities, often via a meet-me room. Other providers rent facilities from these data centre providers, and the data centre provider offers a cross-connect, known as an Xconnect, from the cloud provider’s facilities to customer facilities. This can sometimes involve many parties. For example, if your private network is located in a colocation data centre, you will need to:

Creating your own connection to Cloud Network Providers

  • create a VLAN to the local edge router, let’s call it A, of the colocation provider;
  • backhaul via a VLAN to an edge router, let’s call it B, of your third party colocation provider in the major data centre provider facility;
  • set up a cross-connect from edge router B, to the edge router, let’s call it C, of the major data centre provider;
  • install a cross-connect from edge router C, to the edge router, let’s call it D, of the probable additional cabling provider within the facility;
  • organise a cross-connect from edge router D, to the edge router, let’s call it E, of the cloud network provider;
  • enable a Cloud Connect service from edge router E, to the LAN, let’s call it F, of the VPC;
  • in each of the steps you will have options for either a port based VLAN or an ID based VLAN, sometimes both, sometimes only one;
  • once all the physical connections have been enabled and tested, then the real fun begins as you have to logically address and apply a routing schema, ordinarily BGP, between your private network and the cloud network provider.


Direct connections generally come in two Ethernet speeds of 1Gbps or 10Gbps. With AWS you then have a CDR, which is carried over the Ethernet capacity, and is a minimum of 10Mbps. The data centre provider charges for the cross connect, while the cloud provider charges for the port, and everyone else charges for backhauls and cabling.

Most cloud providers allow unlimited transfer over direct connect, which brings down the per gigabyte transfer cost. Often the major data centre providers offer shorter terms, such as 1-month commitments. Cross-connects usually carry a 12 month term. Customers can leverage the shorter commitments for short-term projects to transfer lots of data, or to test a new service from a cloud provider.

Connect to Cloud Network Providers with Serviceteam IT

Telco providers are increasingly offering services based on a Cloud Connect model. Capacity (speeds) between 1Gbps and 10Gbps are more desirable. Telco providers bundle connectivity to a cloud network provider. More often, these connections are Cloud Connect to the major data centre providers without the complications of cross connects or VLAN type mismatch, with robust physical failover and resilience of the route, and a cohesive routing schema between the private network and the cloud network provider.

Organisations have a far wider variety of connectivity options. Telco providers can offer Ethernet connection options with MPLS and VPLS to your preferred cloud network provider. This can be delivered as one-to-many, many-to-one or many-to-many. Telco terms don’t always mimic existing WAN commitment lengths, ordinarily 24 or 36 months, as we have contracts with 36 month resilient fibre Ethernet connections and only 12 month Cloud Connect services carried over the resilient fibre Ethernet.


Office 365 Multi-Factor Authentication | HowTo | 2 of 3

Part One | Part Two | Part Three

Office 365 Multi-Factor Authentication: In Part One of Three I covered:

  • Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

  • Enable modern authentication in Exchange Online

  • Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

The next phase of the process is to enrol the user for Office 365 Multi-Factor Authentication.

Enrol Accounts for Office 365 Multi-Factor Authentication

Once the attribute has been enabled for their account by an administrator, the user now needs to register for Multi-Factor Authentication. The user should sign in as normal:

  1. Log in to the portal here: https://portal.office.com using their username and password. Click Sign in:

  2. The user will now see a prompt asking them to further verify their account. Click Set it up now:

  3. The user will now see two drop-down option boxes. The first for the method and the second for location:

  4. I recommend using the Authentication phone option as we will assume the user has no contact details added in their profile. This allows them to select the country and set the number the text or call verification is sent to. Click Select your country or region and select the appropriate one for you. Enter the number to be contacted; the example is 123456789. Select Send me a code by text message or Call me; the example is text message. Click Contact me:

  5. You will now be taken to Step 2, confirming that a text message has been sent to the telephone number with the country code you completed in 4 above.

  6. You will receive a text message on your phone within 60 seconds. If you do not receive the verification code text, please check the number displayed in 5 above:

  7. Use the code from 6 and enter it in to the box; the example is 373318. Click Verify:

  8. You have now verified your identity and will be given an App Password which can be used to access your email using an application, such as the Apple Mail App. I will cover App Passwords in more detail in Part Three. Click Done:

  9. If this was a new user with a temporary password they will need to update their password and Sign in. Enter the Current password, New password and Confirm (new) Password:

  10. Click Update password and sign in:

  11. If you have self-service password recovery enabled you will now need to enter additional information in order to recover access to your account. Click Next:

  12. For Authentication email, select Set it up now:

  13. Enter an email address that you have access to, such as your personal email address. You cannot add any email domains which are associated with your Exchange Online Tenant as this needs to be unique to the user. Click email me:

  14. You will now receive a verification code via email to the address you entered in 13:

  15. Enter the code you received in 14 in the box, in the example the code is 836919. Click verify:

  16. We now need to set the Authentication phone. Select Verify:

  17. In this step you will verify the number you used in 4. Click text me:

  18. You will receive a text message on your phone within 60 seconds:

  19. Use the code from 18 and enter it in to the box, in the example the code is 242564. Click Verify:

  20. You have now created two forms of verification and your account recovery details. Click finish:

Enrol Authenticator App for Azure Multi-Factor Authentication

To enrol your user account for Office 365 Multi-Factor Authentication App and create App Passwords, continue to Part Three.


Exchange Online Multi-Factor Authentication | HowTo | 1 of 3

Part One | Part Two | Part Three

Exchange Online Multi-Factor Authentication: We’ve covered the notion of two-factor authentication (2FA) and Exchange Online multi-factor authentication (MFA) before, especially how you MUST enable it for sensitive accounts. I include all IT users, especially those with administrative access, plus any senior management user within the organisation, such as the MD/CEO as their email is sensitive enough to justify Exchange Online Multi-Factor Authentication.

Two-factor authentication (2FA) or multi-factor authentication (MFA) has been available in Office 365 for many years, but you must manually enable it for your users. Microsoft’s Authenticator App for Android, iOS, and Windows Phone means it is simpler than ever to execute MFA by using push notifications for verifying, instead of users typing in six digit codes.

Why use Office 365 & Exchange Online with Azure Multi-Factor Authentication?

The geo-distributed, high availability design of Azure AD means that you can rely on it for your most critical business needs. With the prevalence of smart phones, tablets, laptops, and PCs, people have far too many options on how they are going to connect, and stay connected, at any time. Office 365 Multi-Factor Authentication and Exchange Online Multi-Factor Authentication through Azure Multi-Factor Authentication is an easy to use, scalable, and reliable solution that provides a second method of authentication so your users are always correctly authenticated.

People can securely access their accounts and applications from anywhere, which means that they can get more work done and serve customers better.

  • Two-step verification, which requires more than one method of authentication. This means a critical second layer of security is added when a user signs in. It works by requiring two or more of the following:
    Something you know, a password for example
    Something you have, typically a trusted device that is not easily duplicated, like a phone
    Something you are, such as biometrics
  • It’s easy to use with a range of verification methods including text message, phone call, mobile app or email to alternate account.
    This means, due to the extra protection that comes with Azure Multi-Factor Authentication, users are able to manage their own devices and authenticate in the way they prefer based upon where they are.
  • Azure Multi-Factor Authentication is simple to set up and use. Once enabled, in many instances it can be set up with just a few simple clicks by the user.
    This means the burden of implementation is reduced and users are keen to adopt.
  • Verification with Azure Multi-Factor Authentication is scalable, using the power of the cloud whilst also optionally integrating with your on-premises Active Directory (AD) and custom applications.
    This means that protection can be extended to your high-volume, mission-critical services.
  • Azure Multi-Factor Authentication provides strong authentication using the highest possible industry standards.
    This means you are not just secure, but also compliant. You can monitor application usage and protect your business from advanced threats with security reporting and monitoring.
  • With a guaranteed 99.9% Service Level Agreement (SLA) for availability, Azure Multi-Factor Authentication is reliable.
    This means you will always be able to authenticate. The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.

I use Azure MFA with Microsoft’s OneDrive for Business, SharePoint Online, Office 2016 desktop Apps (I’m not confessing the use of Outlook 2016), mobile Office apps and Skype for Business all on Mac, Windows 8, Windows 10 and iOS and found no issues. However, there are services that need an App Password or are incompatible, so make sure you review all the software and services in use in your organisation. I’ll cover the use of App Passwords in Part 3 of 3.

It is important to note that previously administrative accounts were unable to use PowerShell with Azure multi-factor authentication enforced for the account. Microsoft recommended creating a special account for each admin user to access PowerShell for Office 365 and Exchange Online and that these accounts should be disabled when not in use. Which is clearly ridiculous, so earlier this year they fixed it with the Exchange Online Remote PowerShell Module! You will need to ensure that Modern Authentication is enabled in your Exchange Online tenant before you can use the module.

You must enable Modern Authentication to support Outlook 2016 and Outlook 2013 clients.

Enable modern authentication in Exchange Online

Modern authentication in Office 365 enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers. Modern authentication is based on the Active Directory Authentication Library (ADAL) and OAuth 2.0. By default, modern authentication is NOT enabled in Exchange Online, however, you can enable it:

  1. Connect to Exchange Online PowerShell:
    To enable Windows PowerShell to run signed scripts, run the following command in an elevated Windows PowerShell window (a Windows PowerShell window you open by selecting Run as administrator):

    Set-ExecutionPolicy RemoteSigned 

    You need to configure this setting only once on your computer, not every time you connect.

  2. Run the following command:
    $UserCredential = Get-Credential 

    In the Windows PowerShell Credential Request dialog box, type your Office 365 user name and password, and then click OK.

  3. Run the following command.
    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection 

  4. Run the following command:
    Import-PSSession $Session
  5. Run the following command in Exchange Online PowerShell:
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true
  6. To verify that the change was successful, run the following command in Exchange Online PowerShell:
    Get-OrganizationConfig | Format-Table -Auto Name,OAuth*

When you enable modern authentication in Exchange Online, Microsoft recommend that you also enable it in Skype for Business Online. For instructions, see SkypeModernAuth. Modern authentication is enabled by default in SharePoint Online.

Office 365 & Exchange Online Multi-Factor Authentication in the Admin Portal

Log in to the Office 365 admin portal here: https://portal.office.com using an administrator account.

1. From the menu on the left of the portal, expand Users and click Active users:

2. In the list of users, click the user you want to enable MFA. Only licensed users can use Office 365 Multi-Factor Authentication. On the user’s pane, click Manage multi-factor authentication under More settings:

3. From the multi-factor authentication display, select the user account to enable, and then click Enable under quick steps on the right:

4. In the About enabling multi-factor auth dialog box, click enable multi-factor authentication:

5. You should see a dialogue with Enabling multi-factor Authentication:

6. Click close when you see Updates successful:

The Multi-Factor Authentication Status column for the user will change to Enabled. Sign out from the admin portal and close the browser window.

Enrol Accounts for Office 365 & Exchange Online Multi-Factor Authentication

To enrol your user account for Office 365 Online Multi-Factor Authentication, continue to Part Two.
