{"id":6181,"date":"2014-02-10T12:00:15","date_gmt":"2014-02-10T20:00:15","guid":{"rendered":"http:\/\/www.microsoft.com\/?p=6181"},"modified":"2024-08-09T16:38:21","modified_gmt":"2024-08-09T23:38:21","slug":"multi-factor-authentication-for-office-365","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/microsoft-365\/blog\/2014\/02\/10\/multi-factor-authentication-for-office-365\/","title":{"rendered":"Multi-Factor Authentication for Office 365"},"content":{"rendered":"\n
Editor\u2019s Note: Paul Andrew is a technical product manager on the Office 365 team working on identity.<\/i><\/p>\n\n\n\n Today we\u2019re adding Multi-Factor Authentication for Office 365 to Office 365 Midsize Business, Enterprise plans, Academic plans, Nonprofit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online. This will allow organizations with these subscriptions to enable multi-factor authentication for their Office 365 users without requiring any additional purchase or subscription.<\/p>\n\n\n\n Multi-factor authentication increases the security of user logins for cloud services above and beyond just a password. With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.<\/p>\n\n\n\n Multi-factor authentication has been available for Office 365 administrative roles since June 2013, and today we\u2019re extending this capability to any Office 365 user. We\u2019re also enhancing the capabilities that have been available since June. We\u2019re adding App Passwords for users so they can authenticate from Office desktop applications as these are not yet updated to enable multi-factor authentication. And we\u2019re enabling users who are authenticated from a federated on-premises directory to be enabled for multi-factor authentication.<\/p>\n\n\n\n This addition of multi-factor authentication is part of our ongoing effort to enhance security for Office 365, and we\u2019re already working on Office desktop application improvements to Multi-Factor Authentication for Office 365, which we\u2019ll introduce later in this post. Office 365 offers many robust built-in security features for all customers and also optional controls that enable subscribers to customize their security preferences.<\/p>\n\n\n\n Let\u2019s take a look at how Office 365 customers can take advantage of multi-factor authentication and configure it, including using App Passwords for Office desktop applications.<\/p>\n\n\n\n After entering your account password, you see a message like this while your phone is being called for acknowledgement.<\/i><\/p>\n\n\n\n Office 365 administrators enroll users for multi-factor authentication through the Office 365 admin center.<\/p>\n\n\n\n On the users and groups page in the Office 365 admin center, you can enroll users for multi-factor authentication by clicking the Set Multi-factor authentication requirements: Set up <\/b>link.<\/i><\/p>\n\n\n\n The multi-factor authentication page lists the users and allows you to enroll a user for multi-factor authentication.<\/i><\/p>\n\n\n\n After a user is enabled for multi-factor authentication, they will be required to configure their second factor of authentication at their next login. Each subsequent login is enforced and will require use of the password and phone acknowledgement.<\/p>\n\n\n\n After being enrolled for multi-factor authentication, the next time a user signs in, they see a message asking them to set up their second authentication factor. <\/i><\/p>\n\n\n\n Any of the following may be used for the second factor of authentication.<\/p>\n\n\n\n Once a user is signed in they can change their second factor of authentication.<\/i><\/p>\n\n\n\n The settings menu is the little cog at the top right of the portal screen. In the settings menu clicking the additional security verification link.<\/p>\n\n\n\n Users who are enrolled for multi-factor authentication are required to configure App Passwords in order to use Office desktop applications, including Outlook, Lync, Word, Excel, PowerPoint, and SkyDrive Pro.<\/p>\n\n\n\n Once an information worker has logged in with multi-factor authentication, they will be able to create one or more App Passwords for use in Office client applications. An App Password is a 16-character randomly generated password that can be used with an Office client application as a way of increasing security in lieu of the second authentication factor.<\/p>\n\n\n\n App Passwords are not available for use with PowerShell access to Office 365, and they can be turned off entirely for the Office 365 tenant for customers who have special security policies.<\/p>\n\n\n\n After you\u2019ve created an App Password for an Office desktop application, such as Outlook, it is indicated in a list in your account.<\/i><\/p>\n\n\n\n Microsoft is continuing to invest in multi-factor authentication scenarios, including Office client integration and smart card certificates. Today\u2019s release of multi-factor authentication does not include a second factor of authentication for Office desktop applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and SkyDrive Pro. As we noted in the App Password section above, however, users who have been enrolled for multi-factor authentication currently have an alternative: they can use App Passwords to log in to Office client applications with a higher level of security than a user-selected password.<\/p>\n\n\n\n Soon Office 365 customers will be able to use multi-factor authentication directly from Office 2013 client applications. We\u2019re planning to add native multi-factor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and OneDrive for Business, with a release date planned for later in 2014. This update includes the current phone-based multi-factor authentication, and it adds capability to integrate other forms of authentication such as: third-party multi-factor authentication solutions and smart cards. Smart card support is planned to include the U.S. Department of Defense (DoD) Common Access Card (CAC) and the U.S. Federal Personal Identity Verification card (PIV), among others. We\u2019ll give you more information about these and more updates closer to release.<\/p>\n\n\n\n
<\/strong>The Office 2013 Windows client update that is mentioned in this post has updated information.<\/em><\/p>\n\n\n\n<\/figure>\n\n\n\n
Multi-Factor Authentication for Office 365<\/h2>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
<\/figure>\n\n\n\n
\n
<\/figure>\n\n\n\n
App Passwords in Multi-Factor Authentication for Office 365<\/h2>\n\n\n\n
<\/figure>\n\n\n\n
Road map for multi-factor authentication in Office desktop applications<\/h2>\n\n\n\n