Microsoft Turns On Multifactor Authentication For Office 365

Microsoft has tightened up the security for users of its Office 365 cloud service, after switching on multifactor authentication.

Redmond made the move in order to avoid the high-profile security breaches that have plagued rival cloud services, but also because Office 365 accounts are likely to contain sensitive corporate information.

Password Security

The security measure is no longer the exclusive domain of administrators, said Paul Andrew, an Office 365 technical product manager. “Multifactor authentication has been available for Office 365 administrative roles since June 2013, and today we’re extending this capability to any Office 365 user,” he wrote in a 10 February blog post.

“Today, we’re adding Multi-Factor Authentication for Office 365 to Office 365 Midsize Business, Enterprise plans, Academic plans, Nonprofit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online,” said Andrew. The expansion “will allow organisations with these subscriptions to enable multifactor authentication for their Office 365 users without requiring any additional purchase or subscription.”

The move is part of a broader effort by the company to harden its cloud services slate. In June 2013, Microsoft announced that it was bringing multifactor authentication, based on technology from its PhoneFactor acquisition, to Windows Azure Active Directory (AD) services, enabling users to securely access their accounts with additional credentials supplied by an app or Short Message Service text.

Microsoft officially launched the new feature in September. Scott Guthrie, now the new cloud chief at Microsoft, said at the time in a statement that organisations could finally leverage multifactor authentication to provide an extra layer of security for “Windows Azure, Office 365, Intune, Dynamics CRM and any third-party cloud service that supports Windows Azure Active Directory,” plus custom applications.

Breach Risk

In recent years, online service providers have been rocked by breaches that have caused security-conscious enterprises to regard the cloud suspiciously.

Dropbox, a popular cloud storage company, rolled out two-step authentication in 2012 after a breach that made user data susceptible to snoops. Twitter followed suit in 2013 after major accounts had been hacked. Security researchers said the recent Yahoo Mail breach would have been a non-event for users had they switched on the service’s multifactor authentication options.

Microsoft is also looking to extend multifactor authentication to Office 365 client apps. Noting that users currently have a workaround by configuring App Passwords to secure their desktop apps, Andrew revealed that soon, “Office 365 customers will be able to use multifactor authentication directly from Office 2013 client applications.”

“We’re planning to add native multifactor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell and OneDrive for Business, with a release date planned for later in 2014,” he added. The update will supplement phone-based authentication with support for third-party solutions and smart cards that conform to the US Department of Defense Common Access Card (CAC) and US Federal Personal Identity Verification card (PIV) security standards.

Are you a security guru? Try our quiz!

Originally published on eWeek.

Pedro Hernandez

Pedro Hernandez covers Microsoft products and services, such as Office, Windows, Windows Phone, Azure and Skype.

Recent Posts

Apple, Google Mobile Ecosystems Should Be Investigated, CMA Told

CMA receives 'provisional recommendation' from independent inquiry that Apple,Google mobile ecosystem needs investigation

2 days ago

Australia Rejects Elon Musk Claim About Social Media Ban For Under-16s

Government minister flatly rejects Elon Musk's “unsurprising” allegation that Australian government seeks control of Internet…

2 days ago

Northvolt Files For Bankruptcy Protection In US

Northvolt files for Chapter 11 bankruptcy protection in the United States, and CEO and co-founder…

2 days ago

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

2 days ago

Former Policy Boss At X, Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

3 days ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

3 days ago