public:faq:office-365-mfa
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
public:faq:office-365-mfa [2020/05/12 14:11] ronnie.chan created |
public:faq:office-365-mfa [2020/05/12 14:34] (current) ronnie.chan |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== Office 365 Multi-Factor Authentication (MFA) ====== | ====== Office 365 Multi-Factor Authentication (MFA) ====== | ||
| - | **Multi-factor authentication (MFA)** is a method of authentication that requires the use of more than one verification method and adds a second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods: | + | **Multi-factor authentication (MFA)** is a method of authentication that requires the use of more than one verification method and adds a second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods. |
| - | - Authentication phone (SMS) - [**Send me a code by text message**]\\ | + | ===== 1. Verification methods ===== |
| - | {{:authentication_phone_sms.jpg}} | + | |
| - | - Authentication phone (Mobile Phone Call) - [**Call Me**]\\ | + | ==== 1.1 Authentication phone (SMS) ==== |
| - | {{:authentication_phone_mobile_phone_call.jpg}} | + | |
| - | - **Office phone call**\\ | + | === 1.1.1 Send me a code by text message === |
| - | {{:office_phone_call.jpg}} | + | |
| - | - Mobile app (Notification) - [**Receive notifications for verification**]\\ | + | {{public:faq:authentication_phone_sms.jpg?600}} |
| - | {{:mobile_app_notification.jpg}} | + | |
| - | - Mobile app (Verification Code) - [**Use verification code**] \\ | + | === 1.1.2 Call Me === |
| - | {{:mobile_app_verification_code.jpg}} | + | |
| + | {{public:faq:authentication_phone_mobile_phone_call.jpg}} | ||
| - | ===== Set up multi-factor authentication in Microsoft 365 admin center ===== | + | ==== 1.2 Office phone call ==== |
| - | 1.In the Office 365 Main Menu, click the **Admin Center** icon, go to Users > Active users. | + | |
| - | * {{:admin_icon.jpg?700|}} | + | |
| - | * {{:active_users.jpg?700|}} | + | {{public:faq:office_phone_call.jpg}} |
| - | 2. When Using **Preview Mode** - On the tab Menu, click the **triple dot (...)** button (after "↓Export Users") > **Setup Multifactor authentication**. | + | ==== 1.3 Mobile app (Notification) ==== |
| - | * {{:setupmfa.jpg?700|}} \\ \\ When Using **Classic Mode** - On the tab Menu, click "More" Dropdown list (beside "+Add a user") > **Multifactor Authentication setup**. | + | |
| - | * {{:setupmfaclassic.jpg?700|}} | + | === 1.3.1 Receive notifications for verification === |
| + | |||
| + | {{public:faq:mobile_app_notification.jpg}} | ||
| + | |||
| + | === 1.3.2 Use verification code === | ||
| + | |||
| + | {{public:faq:mobile_app_verification_code.jpg}} | ||
| + | |||
| + | |||
| + | ===== 2. Set up multi-factor authentication in Microsoft 365 admin center ===== | ||
| + | |||
| + | 2.1.In the Office 365 Main Menu, click the **Admin Center** icon, go to Users > Active users. | ||
| + | |||
| + | {{public:faq:admin_icon.jpg?700|}} | ||
| + | |||
| + | {{public:faq:active_users.jpg?700|}} | ||
| + | |||
| + | 2.2a. When Using **Preview Mode** - On the tab Menu, click the **triple dot (...)** button (after "↓Export Users") > **Setup Multifactor authentication**. | ||
| + | |||
| + | {{public:faq:setupmfa.jpg?700|}} | ||
| + | |||
| + | 2.2b. When Using **Classic Mode** - On the tab Menu, click "More" Dropdown list (beside "+Add a user") > **Multifactor Authentication setup**. | ||
| + | |||
| + | {{public:faq:setupmfaclassic.jpg?700|}} | ||
| <WRAP info> | <WRAP info> | ||
| Line 34: | Line 50: | ||
| </WRAP> | </WRAP> | ||
| - | * {{:mfapage.jpg?700|}} | + | {{public:faq:mfapage.jpg?700|}} |
| - | 3. Search for the account to be used for MFA Setup (Used the given accounts, search for "o365"). | + | 2.3. Search for the account to be used for MFA Setup (Used the given accounts, search for "o365"). |
| - | * {{:searchaccountformfa.jpg?700|}} | + | |
| - | 4. Click the account that you want to enable MFA. | + | {{public:faq:searchaccountformfa.jpg?700|}} |
| - | * {{:selectaccountformfa.jpg?700|}} | + | 2.4. Click the account that you want to enable MFA. |
| - | <WRAP info> | + | {{public:faq:selectaccountformfa.jpg?700|}} |
| - | * There are 3 Multi-factor Auth Status that can be viewed based on the MFA state of the users: | + | |
| - | * Disable, Enable and Enforce buttons can be found under the wording **"quick steps"**: | + | 2.5. There are 3 Multi-factor Auth Status (Disable, Enable and Enforce) can be viewed based on the MFA state of the users. \\ Disable, Enable and Enforce buttons can be found under the wording **"quick steps"**. |
| - | * * ''**Disabled**'' - This is the default state for any user who is not enrolled in MFA. This means the user is not using MFA and the non-browser apps remain unaffected. | + | **Disabled** - This is the default state for any user who is not enrolled in MFA. This means the user is not using MFA and the non-browser apps remain unaffected. |
| - | * * {{:clickdisable.jpg?400|}} ⇒⇒ {{:disablesuccessful.jpg?400|}} | + | |
| - | * * ''**Enabled**'' - In this state, the user is enrolled in MFA, but the changes have not taken effect. When users sign in the next time, they’ll be prompted to set up an additional verification method. Here too, nonbrowser apps remain unaffected until the setup is complete. | + | {{public:faq:clickdisable.jpg?400|}} ⇒⇒ {{public:faq:disablesuccessful.jpg?400|}} |
| - | * * {{:clickenable.jpg?400|}} ⇒⇒ {{:enablesuccessful.jpg?400|}} | + | |
| - | * * ''**Enforced**'' - User is enrolled in MFA and has completed the registration process. In this state, every login requires a secondary authentication. Non-browser apps will not work until app passwords are created and entered at the time of login. | + | **Enabled** - In this state, the user is enrolled in MFA, but the changes have not taken effect. When users sign in the next time, they’ll be prompted to set up an additional verification method. Here too, nonbrowser apps remain unaffected until the setup is complete. |
| - | * * {{:clickenforce.jpg?400|}} ⇒⇒ {{:enforcesuccessful.jpg?400|}} | + | |
| - | </WRAP> | + | {{public:faq:clickenable.jpg?400|}} ⇒⇒ {{public:faq:enablesuccessful.jpg?400|}} |
| - | ===== Verification Methods ===== | + | **Enforced** - User is enrolled in MFA and has completed the registration process. In this state, every login requires a secondary authentication. Non-browser apps will not work until app passwords are created and entered at the time of login. |
| - | ==== Authentication by phone (SMS) ==== | + | {{public:faq:clickenforce.jpg?400|}} ⇒⇒ {{public:faq:enforcesuccessful.jpg?400|}} |
| - | 1. Set the Multi-Factor Auth Status of the user/account to **Enabled**. \\ | + | |
| - | * {{:accountenable.jpg?700|}} | + | |
| - | 2. Go to **OWA site**, login the user/account. | ||
| - | * {{:loginaccount.jpg?350|}} ⇒{{:passwordaccount.jpg?350|}} ⇒ {{:moreinfonext.jpg?350|}} | ||
| - | 3. Select "**Authentication Phone**", Enter Country or Region, Enter Mobile Phone number.\\ | + | ===== 3. Verification ===== |
| + | |||
| + | ==== 3.1 Authentication phone (SMS) ==== | ||
| + | 3.1.1. Set the Multi-Factor Auth Status of the user/account to **Enabled**. \\ | ||
| + | * {{public:faq:accountenable.jpg?700|}} | ||
| + | |||
| + | 3.1.2. Go to **OWA site**, login the user/account. | ||
| + | * {{public:faq:loginaccount.jpg?350|}} ⇒{{public:faq:passwordaccount.jpg?350|}} ⇒ {{public:faq:moreinfonext.jpg?350|}} | ||
| + | |||
| + | 3.1.3. Select "**Authentication Phone**", Enter Country or Region, Enter Mobile Phone number.\\ | ||
| --. Select "**Send me a code by text message**" as Method. Click **Next** Button. | --. Select "**Send me a code by text message**" as Method. Click **Next** Button. | ||
| - | * {{:authenticationphonesms.jpg?700|}} | + | * {{public:faq:authenticationphonesms.jpg?700|}} |
| - | 4. The App will send an SMS for the code and will use for Microsoft verification. \\ | + | 3.1.4. The App will send an SMS for the code and will use for Microsoft verification. \\ |
| --. Enter **Verification code** from SMS. Click **Verify** Button. \\ | --. Enter **Verification code** from SMS. Click **Verify** Button. \\ | ||
| --. Copy the **App Password** then click **Done**. | --. Copy the **App Password** then click **Done**. | ||
| - | * {{:smsauthentication.jpg?350|}} ⇒ {{:smsauthentication2.jpg?350|}} ⇒ {{:apppasswordpage.jpg?450|}} | + | * {{public:faq:smsauthentication.jpg?350|}} ⇒ {{public:faq:smsauthentication2.jpg?350|}} ⇒ {{public:faq:apppasswordpage.jpg?450|}} |
| - | 5. When user will try to re-login, the App will send another SMS having the code for Microsoft verification. \\ | + | 3.1.5. When user will try to re-login, the App will send another SMS having the code for Microsoft verification. \\ |
| - | * {{:reloginsmssent.jpg?350|}} ⇒ {{:reloginsmsverification.jpg?350|}} ⇒ {{:office365mainscreen.jpg?400|}} | + | * {{public:faq:reloginsmssent.jpg?350|}} ⇒ {{public:faq:reloginsmsverification.jpg?350|}} ⇒ {{public:faq:office365mainscreen.jpg?400|}} |
| - | 6. The Multi-Factor Auth Status is now turned to **Enforced**. \\ | + | 3.1.6. The Multi-Factor Auth Status is now turned to **Enforced**. \\ |
| - | * {{:nowenforced.jpg?700|}} | + | * {{public:faq:nowenforced.jpg?700|}} |
| - | ==== Authentication by phone (Mobile Phone Call) ==== | + | ==== 3.2 Authentication phone (Mobile Phone Call) ==== |
| - | 1. Set the Multi-Factor Auth Status of the user/account to **Enabled**. \\ | + | 3.2.1. Set the Multi-Factor Auth Status of the user/account to **Enabled**. \\ |
| - | * {{:accountenable.jpg?700|}} | + | * {{public:faq:accountenable.jpg?700|}} |
| - | 2. Go to **OWA site**, login the user/account. | + | 3.2.2. Go to **OWA site**, login the user/account. |
| - | * {{:loginaccount.jpg?350|}} ⇒{{:passwordaccount.jpg?350|}} ⇒ {{:moreinfonext.jpg?350|}} | + | * {{public:faq:loginaccount.jpg?350|}} ⇒{{public:faq:passwordaccount.jpg?350|}} ⇒ {{public:faq:moreinfonext.jpg?350|}} |
| - | 3. Select "**Authentication Phone**", Enter Country or Region, Enter Mobile Phone number.\\ | + | 3.2.3. Select "**Authentication Phone**", Enter Country or Region, Enter Mobile Phone number.\\ |
| --. Select "**Call Me**" as Method. Click **Next** Button. | --. Select "**Call Me**" as Method. Click **Next** Button. | ||
| * {{:authentication_phone_mobile_phone_call2.jpg?700|}} | * {{:authentication_phone_mobile_phone_call2.jpg?700|}} | ||
| - | 4. The App will call the mobile number for Microsoft verification. \\ | + | 3.2.4. The App will call the mobile number for Microsoft verification. \\ |
| --. Answer the call then click **Pound (#)** key. \\ | --. Answer the call then click **Pound (#)** key. \\ | ||
| --. Copy the **App Password** then click **Done**. | --. Copy the **App Password** then click **Done**. | ||
| - | * {{:phonecall1.jpg?200|}} ⇒ {{:answercallnotif.jpg?350|}} ⇒ {{:apppasswordpage.jpg?550|}} | + | * {{public:faq:phonecall1.jpg?200|}} ⇒ {{public:faq:answercallnotif.jpg?350|}} ⇒ {{public:faq:apppasswordpage.jpg?550|}} |
| - | 5. When user will try to re-login, the App will call the mobile phone again for Microsoft verification. \\ | + | |
| - | * {{:phonecall1.jpg?200|}} ⇒ {{:recallverification.jpg?350|}} ⇒ {{:office365mainscreen.jpg?400|}} | + | 3.2.5. When user will try to re-login, the App will call the mobile phone again for Microsoft verification. \\ |
| - | 6. The Multi-Factor Auth Status is now turned to **Enforced**. \\ | + | * {{public:faq:phonecall1.jpg?200|}} ⇒ {{public:faq:recallverification.jpg?350|}} ⇒ {{public:faq:office365mainscreen.jpg?400|}} |
| - | * {{:nowenforced.jpg?700|}} | + | |
| + | 3.2.6. The Multi-Factor Auth Status is now turned to **Enforced**. \\ | ||
| + | * {{public:faq:nowenforced.jpg?700|}} | ||
| - | ===== Notes ===== | + | ===== 4. Notes ===== |
| - | ==== Office 365 settings changes would NOT immediately reflect in CloudBacko ==== | + | ==== 4.1 Office 365 settings changes would NOT immediately reflect in CloudBacko ==== |
| - This is known during testing. The settings changed in Office 365 would NOT immediately take effect (This is a limitation in Microsoft). For example, the change of MFA status, App Password etc. in Office 365 needs some time to take effective. This is very uncommon in real life scenario that the settings in Office 365 were changed and customers immediately work with Office 365 backup sets in CloudBacko. | - This is known during testing. The settings changed in Office 365 would NOT immediately take effect (This is a limitation in Microsoft). For example, the change of MFA status, App Password etc. in Office 365 needs some time to take effective. This is very uncommon in real life scenario that the settings in Office 365 were changed and customers immediately work with Office 365 backup sets in CloudBacko. | ||
| - False alarm could be raised if unexpected behaviour were seen in CloudBacko after settings in Office 365 changes and not yet take effective. Please retry after the settings changed in Office 365 took effective. | - False alarm could be raised if unexpected behaviour were seen in CloudBacko after settings in Office 365 changes and not yet take effective. Please retry after the settings changed in Office 365 took effective. | ||
public/faq/office-365-mfa.1589263892.txt.gz · Last modified: 2020/05/12 14:11 by ronnie.chan
Page Tools
