Security Recommendation – How to enable MFA multi-factor authentication in Microsoft 365

Security Recommendation – How to enable MFA multi-factor authentication in Microsoft 365

“User spoofing” is the ability of a hacker to obtain a user’s credentials in order to harm that user and their acquaintances. From hard drive encryption, to capturing financial data, to sending viruses to other acquaintances, the list is long with Microsoft Development Services.

As a result of the pandemic and the need to implement remote work widely, more and more organizations work and share confidential information from the cloud, so capturing a user’s credentials would put corporate information at risk.

Therefore, in addition to following basic cybersecurity guidelines, we recommend that all our Microsoft 365 customers and users activate reasonable security measures that allow access to a higher level of control of personal and corporate data.

One of the advantages of having Microsoft 365 services is its Multifactor System (MFA) , as is the case with other applications such as Gmail, Facebook, etc. that also incorporate double authentication systems.

How does MFA affect the Microsoft 365 user?

Once the mail administrator activates the MFA system for all Microsoft 365 users in the organization, the first time the user connects, they will have to fill in some additional contact information : mobile phone, maybe a second contact email, … and finally you will be asked if you want to do the MFA through an installable application on your mobile, called Microsoft Authenticator ( recommended option ).

Steps to follow to enable MFA authentication

Steps to configure your security information immediately after logging in with your work account can be found at the following link: Setting security information from a login prompt .

After you record this data, each time you access a tool related to your Microsoft 365 user, you’ll be prompted to verify the action.

Some examples:

When you use a third party’s computer and want to read your email. The first step will be to access WebOutlook and enter your credential, which the system will then verify through an SMS or from the mobile application, depending on the authentication option you have chosen.
When you set up your Outlook, the first time you verify the user, it will ask for authentication. Later, when Outlook is opened again, it will no longer ask for such verification.
If your computer is a trusted computer and you have told your browser to save your credentials, it will no longer ask you to verify your username.
When you first set up Teams, it will prompt you for verification, after which it won’t.
What advantages does MFA activation offer?
Well, if you’ve accidentally fallen into a trap and disclosed your credentials, they won’t be able to use it because they won’t be able to bypass the user’s MFA verification.

In the event of loss or theft, those who have Microsoft 365 Premium licenses can also remotely encrypt or delete data from their equipment: laptop, mobile device, tablet, Mac, etc.

We know that at first it can be a hassle for the user, but this system is a good way to guarantee the integrity of personal data and that of the organization.