Multi-Factor Authentication for Office 365

Multi-Factor Authentication for Office 365

Multi-factor authentication (MFA) is a method of authentication that requires the use of an additional verification method and adds a second form of security to user sign-ins, transactions, and activity. Office 365 offers MFA for all of their programs and we recommend you implement this feature. Not only does this extra method of verification provide maximum security but it allows the Microsoft 365 Admin Center to manage and access all activity from the suite. Here is all of the information our team wants you to know about this level of authentication for Office 365.

“The only thing preventing someone logging in as you or one of your users and spamming all your clients is someone making a 5-second mistake, once. How confident are you that none of your staff will make a mistake that takes only 5 seconds? There are 28,800 5-second blocks in a 40 hour week.”

Andrew Best, ABS Systems Analyst Supervisor
ANDREW BEST
Systems Analyst Supervisor

 

Authentication Methods

MFA requires more than one method of authentication to access the Office 365 suite. Any two or more of the following verification methods will allow you access:

  • Biometric device
  • Phone call
  • Randomly generated pass code
  • Smart card (virtual or physical).

Along with the methods listed above, Office 365 offers the this subset of Azure multi-factor authentication factors as a part of the subscription:

  • Application passwords for non browser clients (for example, the Microsoft Lync 2013 communications software)
  • Default Microsoft greetings during authentication phone call
  • The ability to enable and enforce multi-factor authentication for end users
  • The use of a mobile app (online and one-time password [OTP]) as a second authentication factor
  • The use of a phone call as a second authentication factor
  • The use of a Short Message Service (SMS) message as a second authentication factor.

If you would like to purchase the full Azure Multi-Factor Authentication service, you will receive full functionality of this new version.

Multi-Factor Authentication for Office 365

Cloud-Only Deployment Versus A Hybrid Setup

Each type of deployment option offers a different set of capabilities. If you use the cloud-only option for deployment, you must use Azure Active Directory, a phone call or text message, as your form of MFA. If you manage user identity through a hybrid, on-premises method, you have the following choices for MFA:A physical or virtual smart card (AD FS), Azure AD MFA, or Azure MFA (module for AD FS).

“The following figure shows how the updated Office 2013 device apps (on Windows) enable users to sign in with MFA. TheOffice 2013 device apps support multi-factor authentication through the use of the Active Directory Authentication Library (ADAL). Azure AD hosts a webpage where users can sign in. The identity provider can be Azure AD or a federated identity provider like AD FS.”

Plan for multi-factor authentication for Office 365 Deployments, Microsoft

Multi-Factor Authentication for Office 365

The Software Requirements You Need For MFA

There are different software requirements needed to use multi-factor authentication depending on the type of installation you have, either click-to-run based or MSI-based.

For Click-to-run based installations, you need the following software installed, at either the file version listed or a later version.

  • MSO.DLL (File name) – 15.0.4753.1001 (File Version)
  • CSI.DLL (File name) – 15.0.4753.1000 (File Version)
  • Groove.EXE (File name) – 15.0.4763.1000 (File Version)
  • Outlook.exe (File name) – 15.0.4753.1002 (File Version)
  • ADAL.DLL (File name) – 1.0.2016.624 (File Version)
  • Iexplore.exe (File name) – varies (File Version)

MSI-based installations

For MSI-based installations, you need the following file or a later version installed.

  • MSO.DLL (File name) – 15.0.4753.1001 (File Version)
  • CSI.DLL (File name) – 15.0.4753.1000 (File Version)
  • Groove.exe (File name) – 15.0.4763.1000 (File Version)
  • Outlook.exe (File name) – 15.0.4753.1002 (File Version)
  • ADAL.DLL (File name) – 1.0.2016.624 (File Version)
  • Iexplore.exe (File name) – Not applicable (File Version)

If your file version is not equal to or greater than the file versions listed above for either click-to-run or MSI-based installations, you need to update it accordingly.

For assistance with your Office 365 authentication, let’s talk! If you’re a current MSP customer, contact your TAM directly. We are happy to assist you with this and all of your IT solutions.