VanRoey Logo
VanRoey Logo
menu
Header image overlay

Guide: Secure your Office 365 environment with Multi-factor Authentication

Working from anywhere is a must, but how do you know that someone who signs up is actually your colleague, not someone who has stolen his password?

Today, employees must be able to work anywhere, anytime. That is possible within Office 365 , but a login is quickly stolen. 42% of millenials, passed his or her password on to non-family members; in fact, 74% logs on to unsecured wifi hotspots without a care in the world.

Whichever way you look at it, you'd better assume that sooner or later the Office 365 login of one of your employees ends up in the wrong hands. 

What can you do about it?

Multi-factor authentication (MFA)also known as ‘two-stage authentication’ requires an extra code in addition to your password that only you can know, not the name of your first love or turtle, but a unique code that is only valid for 30 seconds and can only be seen on your smartphone. A criminal who owns your username and password is so powerless because he has no access to your smartphone.

It is therefore recommended that 100% activate this within Office 365 for all of your colleagues:

  • It should not irritate or inhibit (trusted) users in their productivity;
  • Are the smartphones secure enough? Otherwise, you can still access your data via a targeted robbery/intrusion;
  • In some organisations you are not allowed to use your smartphone;
  • What if an employee doesn't have his smartphone at hand or the battery is empty?
  • If you ask for an extra code too often, this can negate the alertness of users;

Getting Started with Multifactor Authentication within Office 365

 

Measuring is knowing: Who, when, where and on which device?

First map out which users are working in the Office 365 environment. This shouldn't be a big task thanks to tools like Active Directory. Then zoom in: what rights do they have and which devices do they use to access the business environment?

You can then look at the business applications and data. It is advisable to secure everything with MFA, but to avoid irritation you can consider leaving non-sensitive or non-business critical data and apps on the standard security.

Based on the above knowledge, you can then draw up security policies.

When do you want to enforce MFA?

There is no point in asking users within the perimeters of the company, on their own PC, for extra codes every now and then. This can be counterproductive; if it becomes an (irritating) automatism, outsiders can take advantage of this. Once a day is usually sufficient.

So you have to think a bit like a “Cloud Access Security Broker (CASB)” Is the location okay? Is the device okay? Is the time okay? Is the network secure?#8230; Then you can be milder than if the same account tries to log in from a public hotspot at 4.00 am ’night from Vietnam.

Start with a pilot project

If you have a few communicative employees who are interested in IT, they are the ideal candidates to test the system with. These ‘Key Users’ can give you valuable critical feedback, so that you can refine the policies where necessary. To gather feedback and to conduct the discussion centrally, it is best to use Microsoft Teams. Keep your eyes open for frequently asked questions, these will come in handy in the next phase.

How do you protect your company?

Tailor-made security strategy

Prevent hacks, malware, cryptolockers and viruses in your company by deploying the right solutions. Discover your ideal security strategy here!
More info!

Ready for the big rollout

On the one hand you can count on the aforementioned ‘Key users’ who can help your colleagues in setting up the two-stage authentication, but it is very important that you write a manual with clear screenshots, supplemented with a FAQ/V&A addendum. This can save your IT staff many hours of explanation. You will also be sure to get questions like ‘What if I buy a new smartphone ‘What if I buy a new smartphone &1TP?

Personally I think it is even stronger to make a short video tutorial. This doesn't have to be a hollywood production as it's for internal use only, but moving image is a bit clearer. The only disadvantage is that if the procedure ever changes, you will have to make a new video…

Additional Tip

Use the Authenticator App instead of SMS. Not only is it more practical, an SMS is relatively easier to intercept.

In the signature of emails or on business cards often GSM numbers are communicated. There are already many cases known of fraudsters who approach telephony providers with the excuse ‘ My smartphone is stolen or my SIM card is faulty… I would like to activate a new SIM card for this number…” And then you're a bird for the cat. But there are still benefits:

  • This also works when your smartphone has poor range.
  • It works faster because sometimes an SMS arrives with a delay.
  • It also works on wearables

If you have any questions about the roll-out of MFA within Office 365; do not hesitate to contact our colleagues. contact us.

Tip: use the Authenticator App instead of SMS. Not only is it more practical; an SMS is relatively easier to intercept.”
Clippy forces you to follow us.

Written by:

Matthias Sanne | VanRoey.be
LinkedIn icon
Matthias Sanne
Marketing & design @ VanRoey

Has been working as a marketer, designer, webmaster, copywriter, PowerPoint guru and numerous other things for 15 years. He gets his energy from simplifying complex matters. He tries to do the same in his Techblog PowrUsr.com where he brings handy solutions to challenging problems.

Related info

  • Blog

Federal government extends cyber defence partnership with Fortinet and VanRoey

Public authorities Smals | VanRoey.be

Microsoft Surface

Microsoft Surface Teams Call
  • Blog

10 Essential tips for a more secure IT environment

Security Strategy

Let our experts guide you

Like thousands of organisations, rely on our knowledge & experience to work out your ideal network, data centre, IT security, CRM / ERP, meeting rooms or digital workplace...

Ask your question


Thanks to the Fortinet Security Fabric, a single security platform allows us to manage all our devices centrally and conveniently, without sacrificing data nor Internet accessibility! Watch video case...
Luc Smet
Luc SmetICT-NIM Teamleader


What I appreciate most about VanRoey is their hands-on approach and no-nonsense corporate culture. Moreover, they don't just answer the question, but they really do think along. For us, this has led to a deeper understanding and solutions that exactly fill our needs. Watch video case...
Steven BruynseelsIT Operations Manager


Switching to telephony via Teams went smoothly. Communication is very important to me in such projects. The cooperation between us, Telenet and VanRoey went very smoothly. Watch video case...
Gert Torah
Gert TorahIT Manager


I've worked with many companies before, but the approach of VanRoey is really quite unparalleled. With VanRoey.be we found the IT partner we were looking for. Read the case...
Raf De Leu
Raf De LeuIT Manager


We are very satisfied with the cooperation with VanRoey. Their people have a extensive knowledge and, in addition, can be used on a understandable way ...to transfer. Read the case...
Kim Kerkhofs
Kim KerkhofsExecutive assistant


Quality pays for itself over the years anyway, both for construction projects and in ICT. We therefore opted for the VanRoey ecosystem: the right solutions, the right brands, expertise and flexibility, with high reliability as a result. Read the case...
Martin Björklund
Martin BjörklundICT administrator

Newsletter  | Linkedin

LinkedIn Spotify Instagram Facebook-f Youtube Newspaper

Conditions – PartnershipsSatisfaction survey - VanRoey

  BC-Certified-logo_ISO-27001

Our Solutions

Managed IT Services
Security audit
Expertise Services

IT Security Strategy
Train Your Staff (Awareness)
Network Security
Firewalls
Antivirus
Endpoint Defence & Response (EDR)
Cybersecurity for Government (Smals)
Smart AI camera surveillance

VanRoey Private Cloud (IaaS)
Servers & Storage
Apps & device management
Backup Solutions
Networking & Wifi
Internet line & IP VPN
Azure Cloud Solutions
AI-powered CCTV

Copilot AI
Microsoft 365 / Office 365
Microsoft Teams
Microsoft SharePoint
CTOUCH Touchscreens
HP Business Notebooks
Dell XPS & Latitudes
Professional Printers

ERP & CRM With Dynamics 365
Power Platform
Dynamics 365 Real Estate
GPS Tracking(Sensolus) / Indoor tracking (Pozyx)

Events

Training

Experience Center

Jobs

About

ESG

Kempus

Customer Area

Contact
Living Tomorrow building

Event: 30 Nov

IT Inspiration Day

What will the future bring? Get an exclusive tour & plenty of inspiring sessions at the revamped Living Tomorrow. It promises to be another great and educational year-end event! See you there?

Info & registration

Attention: limited number of places!