Implementing MFA for all Microsoft 365 Users within your business
To improve the level of Microsoft 365 security our IT Support customers have, we strongly encourage everyone to implement Microsoft 365 MFA (Multi-Factor Authentication).
MFA helps to protect your users, as well as your data and systems. It will reduce the amount of cyber and phishing attacks you will fall victim to and reduce the cost and impact on productivity associated with them.
This page explains what MFA is and exactly how to implement it.
What is MFA?
In order to improve the level of Microsoft 365 security our IT Support customers have, we are strongly encouraging everyone to implement Microsoft 365 MFA (multi factor authentication).
MFA will protect your users, as well as your data and systems. It will reduce the amount of cyber and phishing attacks you will fall victim to and reduce the cost and impact on productivity associated with them.
This page explains what MFA is and exactly how to implement it.
Why do I need MFA?
There are more than 135 million commercial monthly users of Microsoft 365 making your staff a hot target for attacks. Microsoft 365 email attacks are prolific and give the hacker access to an email account which can then be used to spear phish other accounts. This kind of attack can be prevented with the use of multi-factor authentication.
Popular phishing attacks are leading Microsoft 365 users to malicious web pages, designed to look like the Microsoft 365 login page, where they will be asked to provide their Microsoft 365 login username and password, thus giving access to the hackers. This type of attack is used to gain access to a Microsoft 365 account from which they will launch additional attacks.
Typically, the first sign you have been the victim of a phishing attack is when hundreds of your contacts (personal, suppliers, customers) let you know you have sent them malicious emails. This can be both embarrassing and reputation-damaging. You may have to report the data breach to the ICO and you could face potential fines for not taking appropriate measures to protect your data.
Other consequences of being phished and a cyber attacker accessing your data or systems is that they could sell your data on the dark web to other criminals who wish to do additional damage such as upload ransomware to your systems, locking them until you pay them. The cost of the ransom and the resulting downtime of your business is likely to be catastrophic and not something most SMEs are able to recover from.
MFA can save a day
Microsoft 365 multi-factor authentication makes it very difficult for anyone, other than the user, to access the account as the hacker would require the additional second factor of authentication – significantly reducing the likelihood of a successful phishing attack.
Without the introduction of MFA, your business is vulnerable to phishing attacks that could lead to your entire business’s data being leaked to criminals for financial gain and will result in your business suffering costly downtime.
Installing Microsoft MFA
Here are the step by step instructions to set up Microsoft MFA.
Or if you would prefer to do this with the support of our IT Helpdesk, simply call 01283 753 300 or email support@neuways.com
1
When you have been advised that multi-factor authentication (MFA) has been enabled on your account go to https://portal.office.com and login with your email address and email password.
We recommend doing this initial setup via a In private / Incognito browser session.
2
Once you have entered your sign in credentials, the following screen will then appear.
Click ‘Next’.
3
At this point, depending on when your Microsoft 365 tenant was created, the MFA setup experience will vary. Please check your screen and then following the instructions below for either MFA Guide Method 1 or MFA Guide Method 2, depending on which is applicable for your tenant.
MFA Set Up Guide Method 1
1
If you are presented with the screen below then please continued to follow the MFA Guide Version 1 instructions below. If you do not see this screen, please skip to the section titled MFA Guide Version 2 later in this document.
2
You will be asked to download the Microsoft Authenticator App which can be obtained from Google Play Store or Apple App Store. These instructions below are for using the Microsoft Authenticator App (recommended).
You can use a different authenticator app or use an alternative method for security verification (instructions not provided). If you require assistance with these methods, please contact Neuways support at support@neuways.com
Once you have downloaded and installed the Authenticator app click on Next to get started.
3
Click next to continue and you will be presented with “Scan the QR Code”.
4
Using the Microsoft Authenticator App on your phone, you need to select Add Account and then select Work or School Account, followed by selecting Scan a QR Code.
Hold the phone’s scan window up to the QR code until it captures the code and adds the account into your authenticator app.
When you have completed this step click on Next to continue.
5
You will receive a Push Notification to your phone’s Authenticator App, asking you to approve verification, click Approve on your phone.
You will then see the Notification approved message on your screen as shown below.
6
Click on next to continue and you will see the Success! message confirming you have successfully set up Multi-Factor Authentication for your account.
If you receive a phone prompt when you are not logging into Microsoft 365 please advise Neuways support immediately on 01283 753 300.
Or if you would prefer to implement MFA with the support of our IT Helpdesk, simply call 01283 753 300 or open a ticket by emailing support@neuways.com
MFA Set Up Guide Method 2
1
Click on next to continue and you will see the Success! message confirming you have successfully set up Multi-Factor Authentication for your account.
2
We recommend you select Mobile App from the drop down and chose Receive notifications for verification.
3
Click set up to begin the Mobile App Verification process by following the Configure mobile app instructions.
4
When you have completed the Mobile App Setup click next to proceed.
5
You will receive a notification on your mobile phone asking you to approve sign-in. Once approved you will then be prompted for additional security verification that can be used as an alternative method to the mobile app.
We recommend you enter your mobile phone number at this point.
Once you have entered your number click next and click on Finished.
MFA Set Up Guide – All Methods
You will occasionally be prompted to approve sign-in when signing back in to Microsoft 365 or when signing in from new locations or on new devices. If you any receive sign-in approval requests that are not a result of you trying to sign-in to Microsoft 365 then please deny the sign-in request and change your Microsoft 365 password as someone may have compromised your credentials.
Making Changes to your Microsoft 365 Multi-Factor Verification methods.
Once you have set up MFA on your Microsoft 365 account you can make changes to your preferred MFA method as well as add additional MFA methods for secondary verification.
To do this, sign-in to Microsoft 365 as normal and then once signed in go to https://mysignins.microsoft.com/security-info to view or change MFA sign-in methods.
From here you can change the Default Sign-in method (Authenticator App is strongly recommended as you can also receive security notifications through this). To add additional verification methods simply click on Add Method and follow the on-screen instructions.
If you receive a phone prompt when you are not logging into Microsoft 365 please advise Neuways support immediately on 01283 753 300.
Or if you would prefer to implement MFA with the support of our IT Helpdesk, simply call 01283 753 300 or open a ticket by emailing support@neuways.com
It is our express recommendation that EVERY user has MFA implemented for their login to ensure your business is as secure as possible against cyber attacks.
It is important to remember that if you suffer a security breach or a phishing attack and you haven’t implemented MFA for EVERY user, Neuways will charge for any remedial action required by our helpdesk as a result of not having MFA fully installed.
