Sign up for Office 365
Learn more about Office 365
The Grid is full of Office 365 experts that are brimming with great information. The Grid User Post blog series will expose some of The Grid's best content to the entire Office 365 Community. Are you interested in contributing to The Grid? Click here to apply.
Our latest Grid User Post comes from Roel B.
Recently, Microsoft added yet another great feature to Office 365; multi-factor authentication for online administrators. For many organizations already using Office 365 for business productivity, this is major improvement and a feature requested for a longer period.
Multi-factor authentication is based on the principle of something you know (username and password) combined with something you have (phone) and is initiated during the Office 365 login process. Until recently only Office 365 configured with single sign on functionality could be used for and multifactor authentication by configuring the on-premise Active Directory Federation Services (ADFS) infrastructure. The downside of this scenario is that this functionality would only be available for federated accounts hosted in the on-premise Active Directory (AD) and not for online administrator accounts hosted in the Office 365 cloud. The reason for creating online administrator accounts is to make you are able to login to Office 365, even when the ADFS infrastructure are not available.
Process summary: Enabling multifactor for an online administrator account, requires an administrator to add one on more phone numbers to his (or her) profile. Once connected and verified the administrator will receive an automated phone call after every username and password login. By answering the call and pressing the # key the account is verified and access to Office 365 administration portal is permitted.
Process description: Below is the process of creating a new online administrator account, enabling multifactor authentication to the account and logging in the Office 365 administrator portal.
Free advice: You can also create an online administrator account without multifactor authentication. Enable the user, but keep the password hidden somewhere in a safe. Only this account when the multifactor service is not available for a longer period.
Conclusion: To me this proves Microsoft's dedication for continuous improvement on Office 365, and although this feature is currently still in preview, my results so far are very satisfying.
Office 365 for professionals and small businesses
Office 365 for enterprises
Only use* this account
In a world where all are selling Apps, it's really strange for me that Microsoft provides a multi-factor authentication with a phone call...
I would agree that Apps have become more common place but by doing a phone call, it should handle all business scenarios. For one, not everyone has a smartphone. Second, not every company allows cell phones inside the organization and in these cases it can point to a business phone instead. As an example, if you deal with patient records you are often limited in whether or not you can have a cell phone and these people may still need two factor authentication.
241 Microsoft Team blogs searched, 64 blogs have new articles. 227 new articles found searching from
Here is the latest compilation of key announcements from Microsoft.
Rob York Premier
Would be nice if the multi-factor authentication was made available to regular non-admin users and not just limited to administrators.
対象: 新Office365 Office 365 Enterprise , Office 365 Small Business , Office 365 Midsize Business
I like the additional feature, but enabling it appears to prevent use of ActiveSync with iPhone/iPad/etc (assuming Outlook would "break" also?). Would be good if they added ability to enable it for web-based access, but authorize applications/apps to setup special password to continue to function (similar to how Goolge has implemented it)
I agree Kevin. Googles authentication is flexible and well thought, but i trust that Azure will catch up soon.
@Kevin You're absolutely right. I can't believe that there isn't a solution to this. Enabling two factor auth causes the following issues for me:
iPhone Mail App: Rejects password completely
Sky Drive Pro: Pulls up a login box and then says "There is a problem with your account. Please try again later."
Outlook 2013: Intermittently tells me that I need to sign in.
I am so shocked that they've enabled Two Factor Authentication, but not catered for all their own online services. As @Kevin said, there needs to be a set of special passwords for apps similar to how Google has done it.
I would like to see the ability to trust a device after an initial two-factor login. For example, once I login from my work laptop using two-factor, I would like the option to select the option to trust that device and only login with a password in the future.