Multi-Factor Authentication (MFA) Setup and End-User Experience with Office 365 and PowerShell
This article is more of a follow up towards an earlier article that I had written for - Enabling/Enforcing Multifactor Authentication for All (Bulk) Users in Office 365.
That article was aimed at IT Professionals who would dive deep into the functionality and are comfortable with PowerShell. This article is aimed at end-users and IT Professionals – to get a glimpse of how would MFA (or multi-factor authentication) experience turn out to be.
Initial Setup (Direct Link to portal: https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx)
Notes: Azure multi-factor authentication is a method of verifying who you are that requires the use of more than just a username and password. Using MFA for Office 365, users are required to acknowledge a phone call, text message, or app notification on their smart phones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied.
A form of multi-factor authentication is included with Office 365, but you can also purchase Azure multi-factor authentication that includes extended functionality. For more information, see feature comparison of Azure multi-factor authentication versions.
Set up multi-factor authentication in the Office 365 admin center
Important: All the Office 2016 client applications support multi-factor authentication through the use of the Active Directory Authentication Library (ADAL). This means that app passwords are not required for Office 2016 clients.
- Go to the Office 365 admin center.
- Navigate to Users > Active users. Your screen should look like one of the following:
In the Office 365 admin center, click More > Setup azure multi-factor auth.
Here is the direct link to the MFA management portal for Office 365:
To reset selected users' MFA information.
When you hit enable
For Reference: About enabling multi-factor authentication
Please read the deployment guide if you haven't already. If your users do not regularly sign in through the browser, you can send them to this link to register for multi-factor auth: https://aka.ms/MFASetup
For Reference: How Azure Multi-Factor Authentication works
When you hit "Enforce"
When user attempts to login.
For Reference: Manage your settings for two-step verification
For Reference: How To Set Up Multi-Factor for Your Account
Option 1 - Authentication Phone
Option 2 - Office Phone
Option 3 - Mobile App
I chose to receive my verification code as a text message on the "Authentication Phone" option.
For Reference: Managing your Azure Multi-Factor Authentication User Settings
This is my GENERAL login experience.
Login experience through PowerShell
And I am connected
Technology Solutions Professional, Microsoft