2FA for Office 365
Why you need 2FA for Office 365
One great benefit of Microsoft Office 365 is that it’s cloud-based. Users can access it from anywhere through a simple browser on a laptop, a tablet, and even a smartphone. This is extremely convenient. The downside is that anyone finding (i.e guessing, hacking, eavesdropping, phishing…) a valid user password has a complete access to that user account, emails, and documents. Ouch.
As a domain administrator or a security professional, you have two options: ask users to change their passwords very often and to use complex passwords such as d0*#g17!bk. Or use a frictionless 2FA solution adding a layer of security that defeats attackers, even if they know the user password. With 2FA, passwords can be much simpler, without risk. Guess which option users prefer, and which one you can realistically expect them to use.
inWebo 2FA for Office 365
At sign-in to an Office 365 account with inWebo 2FA, the legitimate user has to confirm that she initiated the access request. This can be done by entering a one-time code received in a short-text or generated with the inWebo Authenticator App or, more conveniently, simply by confirming the access request in the inWebo Authenticator App – as shown on the picture – or even in the browser where the connection takes place, making the whole process frictionless even for users who don’t have a work phone (see inWebo 2FA options for more details)
How to implement 2FA for Office 365
It’s quite straightforward:
- First, create an inWebo account for your organization (you can start below).
- Then, configure both this account and your Office 365 tenant to trust each other. If your Office 365 domain is federated with ADFS (this is a free Microsoft Service part of Windows Server), simply use inWebo ADFS plugins (download and documentation there). Otherwise, configure your Office 365 as a SAML2.0 Relying Party (RP) and your inWebo account as a SAML 2.0 Identity Provider (IdP).
- Finally, adjust the authentication policies and user on-boarding rules from the inWebo administration console.
There’s no server or proxy to install and configure, therefore you will save 2 days for other projects. Also, please note that our pre-sales and support engineers are here to help if you face any difficulty.
AAD MFA or inWebo MFA?
Tough question. However, here are the 2 main reasons why you should prefer the latter over the former:
- Vendor lock: inWebo MFA is more universal and supports a lot more applications. Not only other SaaS applications (including G Suite), but also VPN, remote access, SSO, CMS, Windows Logon…
- Convenience: inWebo MFA uses cellphones and smartphones (SMS OTP, offline OTP, push OTP), but also browsers, thus making the whole process frictionless, including for users who don’t have a work phone.
It’s your turn. You may
- Sign up for free for a basic account (10 user licences) and start implement inWebo MFA for your Office 365 domain. You’ll be able to upgrade this account at any time to get more licences or options. Nothing to lose but an item on your to-do-list.
- Evaluate inWebo for free and without commitment for 30 days. This sounds like the procrastinator package but actually MFA is a serious topic and no one will blame you for taking your time to make sure that inWebo is the right fit. Note that we have project management, consulting, and integration partners trained in our solutions whom you can ask for an evaluation and a PoC.
- Request a customized demo. We’ll be happy to show and explain the basics of our solution and answer your questions.