What's MFA (Multi-Factor-Authentication)?

The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods:

Something you know (typically a password)
Something you have (a trusted device that is not easily duplicated, like a phone)
Something you are (biometrics)

Conceptual authentication methods image

Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy to use authentication methods. Users may or may not be challenged for MFA based on configuration decisions that an administrator makes.

What is MFA

Token Lifetime

Why do we need MFA?

Username and Password may be compromised - Enhance security and data protection Authentication leads to Authorization

Office 365

E-Mail - Indentity Theft

SharePoint/Teams/Planner/Skype etc. - Confidential Documents and Knowledgebase

Dynamics365 (i.e. CRM)

Confidential Customer- and Payment Information

Microsoft Azure

productive Environments

How to setup MFA

You're able to setup and reset your options via https://aka.ms/setupmfa, you can remove lost devices or configure new ones for your Office365 account by following the instructions on website.

Following options are available:

Hardware Token (MFA: Token Config)
Mobile App - Microsoft Authenticator (code/notification) (Apple iOS/Google Android)
Mobile Call
Mobile SMS
Business Phone (not recommended)

You can refer this tutorial video on YouTube:

MFA Setup Video Tutorial - Youtube

*** please use a Work/School-Account by adding a new account to your MFA App! ***

Related items:

MFA: Token Config

FAQ

1. Problem: Wenn in der Authenticator APP am Smartphone die Sicherheitseinstellung "App-Sperre" Touch ID erforderlich aktiviert ist, wird die MFA Aktivierung bei jedem Login angefordert.

2. Problem: Ein Benutzer hat nach Erhalt eines neuen Notebooks bei jeder Office 365 Anmeldung eine SMS erhalten. Dieses Verhalten trat bei jedem Browser auf, auf seinem vorherigen Notebook war dies nicht der Fall.

2. Lösung: Wir loggten uns zusammen auf dem Office 365 Portal ein, navigierten zu 'Mein Account > 'Apps und Geräte' > Geräteliste ausgeklappt, dort waren 3 Geräte gelistet, zwei vorherige Geräte und das neue Notebook. Wir haben die alten Geräte gelöscht und das Problem wurde gelöst. https://portal.office.com/account/#

3. Problem: Ich führe die Einrichtung des Tokens oder der App durch und erhalte eine Fehlermeldung "Fehler bei der Überprüfung".

3. Lösung: Manchmal benötigt es 2-3 Versuche bei der Einrichtung, man wiederholt den Vorgang oder probiert es in 1h (neuer Code benötigt!) noch einmal.

1. Solution/Issue: If Authenticator APP on the smartphone has the security setting "App Lock" Touch ID required, the MFA activation will be requested on every login.

2. Problem: One user received a new notebook. Each time he opened office 365 on this notebook he received an sms message with authentication code. This occured on each browser he tried. On his previous notebook these issues didn't exist.

2. Solution: We've logged in to the office 365 portal together, navigated to 'My Account' > 'Apps and Devices' > and unfolded the Devices list. There were three devices listed, two of his previous and his new notebook. We've deleted the two old devices and afterwards the issue was solved. https://portal.office.com/account/#

3. Problem: I am trying to set up the token or app and I get an error message "Error while checking".

3. Solution: Sometimes it takes 2-3 attempts at setup, you repeat the process or try again in 1h (new code requried!).

Welcome

MFA - FAQ