・Since this content is intended to provide general information, it includes initiatives in which we are not involved.
・Photos and images used in the article are images. It may differ from the content provided by the actual product or service.
・The content of this blog is based on the information at the time of publication. Therefore, regarding the content of the product, images and operating procedures may differ from the current version due to version upgrades, etc.
Two-factor authentication is recommended to prevent unauthorized login to e-mail, SNS, etc.
Two-factor authentication is the combination of two authentication methods. With just your set up a password at the individual meeting, go to the settings tab and enable it. This setting will give you an option to set your password, you can easily log in in the unlikely event that it is leaked, but adding two-factor authentication makes it difficult to collect login information and acts as a countermeasure against unauthorized access.
If the Microsoft 365 account that accesses email and cloud storage is hijacked, there is a risk of causing enormous damage such as information leakage and cyber attacks.
Set up two-factor authentication for Microsoft 365 to make your account more secure.
Set up two-factor authentication for Microsoft 365
The steps to add two-step verification in Microsoft 365 vary depending on your account type.
Please check your plan and account type before setting up.
- Personal license: Microsoft account
- Corporate License: Work or School Account
[For individuals] How to set up a Microsoft account
If you’re on a Microsoft 365 individual plan, set up two-step verification on your account page.
- Open Microsoft Account Home ( https://account.microsoft.com/ ) and sign in with your Microsoft account.
- Click Security.
- Click Advanced Security Options.
- In the “Additional Security” section, click “Two-Step Verification – Enable”.
- Follow the instructions on the screen.
Add an authentication method by clicking Add a new way to sign in or verify.
[For corporations] How to set up a work account
For corporate plans, users will be able to add their own verification methods once administrators have enabled two-factor authentication for their users.
Two-factor authentication can be enabled or disabled for each user.
[Administrator] Enable two-factor authentication for users
- Sign in to the Microsoft365 admin center ( https://admin.microsoft.com/ ) with an administrator account .
- Select Users > Active Users.
- Click Multi-Factor Authentication and select the user for whom you want to enable two-factor authentication.
- Click Activate.
- Click Enable multi-factor auth.
With the above Zoom webinar window smaller, other options will move to [ Details ]. There are also new settings, users will be prompted to set up two-factor authentication the next time they log in.
[User] Set up two-factor authentication
- Access Microsoft’s service, enter your email address and password and click “Sign in”.
- If you see a screen that says More Information Required, click Next.
- Select an authentication method. If the default authentication method is the “Microsoft Authenticator” app, clicking “Next” will take you to the app settings screen. If you want to set up another authentication method, select “Set up another method” and proceed with the settings according to the instructions on the screen.
Two-factor authentication for Microsoft 365 is convenient for mobile apps
The following authentication methods are commonly used for two-factor authentication.
- Phone call: Authenticate by receiving an incoming call to a registered phone number
- Send Code: Send verification code to email or SMS
- Mobile app: Authenticate with an app installed on your smartphone or tablet
Mobile app authentication has become mainstream recently.
With this, if you connect an app installed on your smartphone to your account, a notification will be sent to the app when you sign in, and you can log in by approving it.
Authentication is completed just by tapping, so you can log in faster than receiving authentication codes by SMS.
Of course, a notification will also be sent when a third party attempts to log in illegally, so if you do not remember it, you can block the login by rejecting it on the app side.
What is Microsoft Authenticator
“Microsoft Authenticator” is an authentication app for smartphones provided by Microsoft.
There is an iOS/Android version available in the app store or from Microsoft’s official website ( https://www.microsoft.com/en-us/security/mobile-authenticator-app ).
In addition, “Microsoft Authenticator” can be used not only for logging in to Microsoft services, but also for login authentication of other services such as Google accounts and SNS.
How to add a mobile app to two-factor authentication
This is the setting procedure when adding “Microsoft Authenticator” to the authentication method of two-step verification.
- Select “Mobile App” as the authentication method.
- You will be prompted to install the app. If you don’t have the app yet, install it now.
- When you move the computer screen to the next, a QR code will be displayed on the screen.
- Launch the app on your smartphone and tap “+”.
- Choose an account type.
- Tap “Scan QR code” and scan the QR code displayed on your computer screen.
- Click Next on your computer screen.
- When you receive a notification in the app, tap “Approve”.
- The addition is complete when the message “Microsoft Authenticator app has been successfully registered” is displayed.
How to sign in using the mobile app
By using “Microsoft Authenticator”, you can sign in without entering a password when signing in to Microsoft 365.
- Go to Office.com ( https://www.office.com/ ).
- Enter your email address.
- When you receive a notification in the app, launch the app and tap “Approve”.
Advanced multi-factor authentication for corporate licenses
There is “multi-factor authentication” as an authentication method that is more advanced than two-factor authentication.
Two-factor authentication combines two or more authentication methods, while multi-factor authentication combines different factors of authentication to increase security.
- Password (knowledge factor) and smartphone app (possession factor)
- Password (knowledge factor) and fingerprint authentication (biometric factor)
All enterprise licenses can require multi-factor authentication, but with Azure AD Premium included in the higher plans, you can also create policies that reflect your company’s security requirements.
All Microsoft 365 business plans | Microsoft 365 Businss Premium | Microsoft 365 E3 | Microsoft 365 E5 | |
---|---|---|---|---|
security defaults | 〇 | 〇 | 〇 | 〇 |
Conditional access policy | – | 〇 | 〇 | 〇 |
Risk-based conditional access policies | – | – | – | 〇 |
security defaults
It is a mechanism that enforces multi-factor authentication that can be used with Microsoft 365 corporate plans. Enabled by default for tenants created after October 21, 2019.
- Require multi-factor authentication with Microsoft Authenticator for all users
- Users cannot sign in without registering for multi-factor authentication
- Block sign-ins from legacy clients that cannot use multi-factor authentication
Conditional access policy
This function allows you to set the conditions for allowing sign-in.
You can specify detailed conditions for applying multi-factor authentication, such as specific apps and devices used.
Available for plans that include Azure AD Premium P1 (Microsoft 365 Business Premium, Microsoft 365 E3).
Risk-based conditional access policy
An advanced version of the conditional access policy. A function that uses Azure AD Identity Protection to set conditions for applying multi-factor authentication according to the risk level.
You can set it up with a plan that includes Azure AD Premium P2 (Microsoft 365 E5).
Article Summary
- Microsoft 365 individual plans can set two-step verification from the account page
- For corporate plans, administrators enable 2-step verification and users add their own authentication
- Mobile app is a convenient authentication method
- You can also enforce two-factor authentication on corporate plans.
- Multi-factor authentication application policy creation is possible with a higher plan for corporations
With Microsoft 365, you can choose a plan depending on the level of security you want.
If you are looking for the best plan that matches your budget, number of people, and security requirements, please contact NEC Networks & System Integration Corporation.