Turning On Two-Factor Authentication for Office 365

By Pegeen Turner

In the age of technology, stolen identities, compromised credit cards and all things online, technology companies like Google, Facebook, Microsoft, and others are trying to help us. These companies have come to recognize that they cannot force their users to use strong passwords and change them frequently.

Welcome to two-factor authentication.

You may have heard the term two-factor authentication and you may know it has something to do with security. It is also referred to as two-step or multi-step verification or authentication. You may even be using it already if you bank online, use an Apple ID, or sign in to any number of other places online. Two-factor authentication comes in many forms, including a text message, a secondary question about when you were married or your pet's name, or a prompt to say YES on your phone.

What is two-factor authentication?

Some of you have probably heard about the concept but aren’t quite sure what it is or whether you need it. Two-factor authentication is an extra layer of security to make sure that you are the only person who can access your online account, even if someone knows your password. It is a security feature that is available on most cloud-based programs that law firms use today, including Office 365, G-Suite for Business (or Gmail), Dropbox for Business, Box.com, and almost every cloud-based practice management and document management system geared for law firms.

Two-factor authentication will (as Google describes it) “Help keep the bad guys out of your account by using both your password and your phone.” The process forces you to identify yourself by not only a username and password but also something that is in your physical possession, like a cell phone (that is the two-factor part).

Should I use two-factor authentication?

In short, you need it – wherever you can get it. No matter what type of account you are using, if it has two-factor authentication, turn it on.

How do I use two-factor authentication?

The name says it all. You need two different ways (two factors) to confirm access to your account – your password and a device that you use, typically your cell phone. The process is similar no matter which program you are setting up. Here are the basic steps:

1. Set up two-factor authentication. The program will walk you through the setup process and send a test message via text or phone to your cell phone.

2. Turn on two-factor authentication. Once the test process is complete, the program will help you turn on two-factor authentication.

3. Use two-factor authentication. When you access your online account, you will be prompted for your username (email address) and password as normal. After you enter the password, a secondary prompt will ask you to respond with a code, a prompt, or whatever authentication method you chose in Step #1.

Setting up two-factor authentication for Office 365

With the popularity of Office 365 and online email access, security should be a top concern for all law firms. The steps below outline how to set up two-factor authentication (called multi-factor authentication by Microsoft) for Office 365.

If you are the Office 365 administrator, you can use the instructions here to turn on multi-factor authentication, then follow the steps below:

a. If you have Outlook open on your local computer, close Outlook.

b. Check whether your Office 365 admin has turned on multi-factor authentication for your account. If they haven’t, when you try to do these steps you won’t see the options in Office 365.

c. Log into your Office 365 email account by going to outlook.office365.com.

d. With two-step authentication turned on, you will be prompted to “Set it up now.” Choose Set it up now.

e. How should we contact you?

   a. Choose authentication phone.

   b. If your prepopulated cell phone number is not correct, please put in the correct phone number.

   c. Choose to “Send me a code by text message” or “Call me.” Choose whichever is more convenient for you.

   d. Choose Next and Microsoft will call you or text you for verification.

Setting up an app password

Some older versions of Outlook and Apple Mail on iOS devices will require a secondary password called an app password. The steps below will help you generate your app password.

a. After verifying your contact method, a screen will appear to generate the app password.

b. Choose the copy icon to copy this password to your Clipboard.

c. If you already have Outlook on your computer, open Outlook.

d. Paste the app password in the password field.

e. Choose OK and Outlook will open as normal.

f. You are done!

NOTE: After adding two-step authentication to your Office 365 account, depending on the make and model of your cell phone, the phone will either prompt you to log into your Office 365 account (and prompt you for a code) or require the app password above as your new phone password.

Next steps

The next time you log in to Office 365 online, you will see the two-step authentication kick in. You will be prompted to enter the code that was sent to you via text message, phone call, etc. Enter the code you receive in the text message in the field below and choose Sign In.

With that, you will be well on your way to securing your email from “the Bad Guys.” Your email and all your client confidential email messages will now be more secure with two-factor authentication set up. Enjoy the peace of mind knowing your data is safe and sound.