Microsoft Turns On Multifactor Authentication For Office 365

Microsoft has tightened up the security for users of its Office 365 cloud service, after switching on multifactor authentication.

Redmond made the move in order to avoid the high-profile security breaches that have plagued rival cloud services, but also because Office 365 accounts are likely to contain sensitive corporate information.

Password Security

The security measure is no longer the exclusive domain of administrators, said Paul Andrew, an Office 365 technical product manager. “Multifactor authentication has been available for Office 365 administrative roles since June 2013, and today we’re extending this capability to any Office 365 user,” he wrote in a 10 February blog post.

“Today, we’re adding Multi-Factor Authentication for Office 365 to Office 365 Midsize Business, Enterprise plans, Academic plans, Nonprofit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online,” said Andrew. The expansion “will allow organisations with these subscriptions to enable multifactor authentication for their Office 365 users without requiring any additional purchase or subscription.”

The move is part of a broader effort by the company to harden its cloud services slate. In June 2013, Microsoft announced that it was bringing multifactor authentication, based on technology from its PhoneFactor acquisition, to Windows Azure Active Directory (AD) services, enabling users to securely access their accounts with additional credentials supplied by an app or Short Message Service text.

Microsoft officially launched the new feature in September. Scott Guthrie, now the new cloud chief at Microsoft, said at the time in a statement that organisations could finally leverage multifactor authentication to provide an extra layer of security for “Windows Azure, Office 365, Intune, Dynamics CRM and any third-party cloud service that supports Windows Azure Active Directory,” plus custom applications.

Breach Risk

In recent years, online service providers have been rocked by breaches that have caused security-conscious enterprises to regard the cloud suspiciously.

Dropbox, a popular cloud storage company, rolled out two-step authentication in 2012 after a breach that made user data susceptible to snoops. Twitter followed suit in 2013 after major accounts had been hacked. Security researchers said the recent Yahoo Mail breach would have been a non-event for users had they switched on the service’s multifactor authentication options.

Microsoft is also looking to extend multifactor authentication to Office 365 client apps. Noting that users currently have a workaround by configuring App Passwords to secure their desktop apps, Andrew revealed that soon, “Office 365 customers will be able to use multifactor authentication directly from Office 2013 client applications.”

“We’re planning to add native multifactor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell and OneDrive for Business, with a release date planned for later in 2014,” he added. The update will supplement phone-based authentication with support for third-party solutions and smart cards that conform to the US Department of Defense Common Access Card (CAC) and US Federal Personal Identity Verification card (PIV) security standards.

Are you a security guru? Try our quiz!

Originally published on eWeek.

Pedro Hernandez

Pedro Hernandez covers Microsoft products and services, such as Office, Windows, Windows Phone, Azure and Skype.

Recent Posts

Spyware Maker NSO Group Found Liable In US Court

Landmark ruling finds NSO Group liable on hacking charges in US federal court, after Pegasus…

2 days ago

Microsoft Diversifying 365 Copilot Away From OpenAI

Microsoft reportedly adding internal and third-party AI models to enterprise 365 Copilot offering as it…

2 days ago

Albania Bans TikTok For One Year After Stabbing

Albania to ban access to TikTok for one year after schoolboy stabbed to death, as…

3 days ago

Foldable Shipments Slow In China Amidst Global Growth Pains

Shipments of foldable smartphones show dramatic slowdown in world's biggest smartphone market amidst broader growth…

3 days ago

Google Proposes Remedies After Antitrust Defeat

Google proposes modest remedies to restore search competition, while decrying government overreach and planning appeal

3 days ago

Sega Considers Starting Own Game Subscription Service

Sega 'evaluating' starting its own game subscription service, as on-demand business model makes headway in…

3 days ago