When it comes to data security, two-factor authentication is on the first line of defense. After implementing a strong password on your devices, the next best thing you can do is enable two-factor authentication to ensure that the only people accessing information are the people it belongs to. With Microsoft 365 - and most Microsoft products in general - there are a ton of security features baked right into the various products. And two-factor authentication is one of them, although it does need to be set-up for use.
But how does it all work, and where does it actually come into play?
First, we’re going to start with some basics.
What Is Two-Factor Authentication?
Glad you asked! Two-factor authentication pops up in quite a few instances within the Microsoft suite of products and is truly an integral part of any strong data security plan. In the most basic terms, this authentication method requires a user to confirm their identity twice using something they know (typically the password or a PIN) and then something they have or something they are (an additional PIN, an answer to a secondary security question, a fingerprint reading, etc.) in order to gain access to a application or account. There are a number of ways this can be accomplished:
- Knowledge Authentication - This method seeks the answer to questions aside from your username and password, such as the infamous “mother’s maiden name” or “who was your first grade best friend?”
- Pattern Authentication - You must identify a series of letters, numbers, phrases, or objects in a scrambled image. These don’t necessarily prove that you’re you, but they do prove that you’re a human and not a bot, which is often just as important. Pattern authentication is also often times paired with another form of authentication.
- Physical Authentication - Similar to having to present your ID, physical authentication requires the user to present information that they must physically carry around on them, such as an ATM card. It used to be popular for two-factor authentication to require a fob that was carried around by the user - the fob would generate a random code that needed to be entered in order to gain access. Now you’re much more likely to have an app on your mobile device that does something similar (Microsoft uses Authenticator) or receive a text message or phone call containing the code.
What Is Microsoft 365?
When we say “Microsoft 365” it’s not a typo and we aren’t using a shorthand for “Microsoft Office 365.” Microsoft recently launched Microsoft 365 - a business and enterprise-level product offering that encompasses their entire universe. By purchasing licenses to Microsoft 365, organizations get access to Windows 10 Pro, Office 365, Exchange, file storage via OneDrive and a number of other features and applications. In that sense, Microsoft 365 isn’t a product itself, but rather a large suite of products bundled together in various tiers and configurations. It’s within the specific products that the two-factor authentication actually comes into play.
How Does Microsoft Implement Two-Factor Authentication?
Two-factor authentication isn’t something that’s implemented “out of the box.” Instead, it’s a feature that needs to be enabled on a user-basis via Azure Active Directory (as part of any Office 365 subscription) Although it’s a feature that isn’t automatic, it is one that is highly recommended. You can enable this feature for individual users, for example only those that routinely use another device to access their email, or for everyone in the organization.
Are you interested in learning more about how to better secure your organization’s data? Download our whitepaper, Security In Layers, today.