Cloud Services, rightly, throw up a number of questions around security and Microsoft always seem to be making improvements to the, already substantial, security of Office 365.
A recent one is the availability of Multi-Factor Authentication (MFA) for all Office 365 users. This has been available for admins since June 2013 but has now rolled out across the board.
With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.
This will be very similar to the process already in place for Microsoft Accounts, when you sign into a new device and you receive a confirmation text.
Admins can set MFA for some/all users in the admin console, as you’d expect.
The second authentication factor options are:
- Call my mobile
- Text my mobile
- Call my Office phone
- Notify me through app
- Show one-time code in app
Currently this isn’t available with the desktop apps of Office 2013 so MS have introduced App Passwords to help increase the security here.
Once an information worker has logged in with multi-factor authentication, they will be able to create one or more App Passwords for use in Office client applications. An App Password is a 16-character randomly generated password that can be used with an Office client application as a way of increasing security in lieu of the second authentication factor.
It’s interesting to see that Microsoft are continuing to invest in MFA with Office desktop applications, and so App Passwords will be only a temporary method.
We’re planning to add native multi-factor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and OneDrive for Business, with a release date planned for later in 2014. This update includes the current phone-based multi-factor authentication, and it adds capability to integrate other forms of authentication such as: third-party multi-factor authentication solutions and smart cards.
Multi Factor Authentication with desktop apps isn’t something I’ve really though about to be honest, but as ever more data is accessed via Office and desktops, it certainly makes sense.
Read more about Office 365 & MFA here: