MFA for Office 365
Why you need MFA for Office 365
Authentication is the only real protection for Office 365 accounts, like anything else in your IT that can be accessed online. Organizations have long thought that enforcing complex password policies was efficient but it is now widely accepted that users are better left out of the security equation. MFA is therefore the only efficient way to secure user authentication and in turn, to protect Office 365 accounts.
2 questions remain: what MFA do you need for your organization and how to implement it for Office 365.
How to add MFA to your Office 365 domain
There are 2 main ways depending on what your users authenticate against, i.e., AD or AAD.
If as of today users authenticate against Active Directory (AD) when they sign in to their account, you probably already have implemented ADFS (Active Directory Federation Service). Depending on its version, a conditional step-up authentication can be added thanks to SAML 2.0 or to an ADFS plugin.
If on the other hand users authenticate against Azure Active Directory (AAD), either because you synchronize it from AD or because this is your native user directory, then you can directly declare an MFA provider for your AAD domain.
inWebo MFA for Office 365
inWebo supports all these methods, i.e. an ADFS plugin, a SAML 2.0 connector, and an AAD MFA provider. They allow different types of controls on the authentication process. If you’re unsure about which one best fits your needs, just ask us.
On the user side, all the aforementioned methods are compatible both with inWebo App-based and browser-based authenticators.
To implement inWebo MFA for Office 365, you’ll simply need to create an inWebo account for your organization and to configure both this account and your Office 365 domain to trust each other using one of the aforementioned methods. There’s no server or additional infrastructure to install and configure. Our pre-sales and support engineers are here to help if you face any difficulty.
AAD MFA or inWebo MFA?
The 2 main reasons why you should prefer the latter over the former:
- Vendor lock: inWebo MFA is not tied to any application vendor, it is universal and supports a lot more applications. Not only other SaaS applications (including G Suite), but also VPN, remote access, SSO, CMS, Windows Logon. Moreover, with inWebo, users only need one authenticator.
- Convenience: inWebo MFA supports smartphones as authenticators, but also computers, tablets, and browsers, thus making the whole process frictionless including for users who don’t have a work phone.