Thinking About MFA? Microsoft Just Made Implementing Easier
We wrote just last week about how crucial it is to implement multifactor authentication (MFA) wherever possible in your business. If you missed that post, check it out now (Have You Implemented MFA Yet?) — we won’t rehash all of that news here.
Still, we figure there’s a sizable group of businesses that fall into one of these categories:
Still on the fence about MFA
Convinced MFA is important but unsure how to get started
In the middle of implementing MFA, and it’s not going well
Already implemented MFA, but people are complaining or bypassing it
If any of those sound familiar, we have great news: if you’re using Microsoft 365, things are about to get a lot easier.
Here’s what you need to know.
MFA Already Available Throughout Microsoft 365
First, it’s worth mentioning that MFA isn’t brand-new for M365 users. Microsoft already supported a few different kinds of next-gen authentication, including MFA.
Maybe you never got around to setting it up, or your team members say it’s a pain to use. (If you’re using the mobile apps, it’s definitely a pain to use.)
Either way, Microsoft’s newest addition will help.
Authenticator Lite Simplifies Access
Microsoft is currently rolling out a feature called Authenticator Lite. To start, they are building it directly into the mobile version of Microsoft Outlook, and we expect they will expand it to the other mobile apps in the Microsoft 365 suite before long.
Authenticator Lite will greatly simplify the login process — without sacrificing the security of MFA. We’ll get to how, but first we need to review some of the underlying concepts.
What’s an Authenticator, Again?
Authentication is a method of establishing that someone is who they say they are. An authenticator is the tool that makes authentication possible.
There are several different kinds of authenticators out there. The simplest is a text message or phone call that gives you a one-time passcode, which you enter after you’ve already provided your username and password.
That method is far more secure than a username and password alone. But it’s still not the most secure approach.
Other authenticators include a special USB key, a key fob that displays a randomly generated passcode, and a dedicated, separate mobile app like VIP Access or Microsoft Authenticator.
All of these do the same basic thing: they provide an extra layer of proof that you’re you.
What Makes Authenticator Lite Different
The difference between Authenticator Lite and other methods is that Authenticator Lite is built directly into the Outlook mobile app (for iOS and Android). It doesn’t require a separate, unfamiliar app, and it doesn’t rely on SMS or telephone connectivity.
What does this look like in practice? Simple.
1. When an employee goes to log on to a Microsoft site or app, they will provide their username and password as usual (that is, unless you’ve enabled other tech like passwordless sign-in or passkeys, but that’s a story for another post).
2. Next, the Microsoft Outlook mobile app will generate a notification.
3. The user simply taps “Approve,” and access is granted. (You can also set this up to use a temporary one-time code instead of an “Approve/Deny” prompt.)
If a user receives this kind of notification and isn’t trying to log on to a Microsoft service, then someone may be trying to compromise their account. The attacker won’t succeed, though, if the user taps “Deny” and the login attempt is blocked.
Blue Ridge Tech Can Help with Rollout and Training