office 365 multi-factor authentication · 2020-05-31 · configuration (microsoft authenticator...
TRANSCRIPT
Office 365 Multi-Factor Authentication
• What is MFA?
• Why are we doing this?
• Conversion Schedule
• Configuration Options
• Microsoft Authenticator App
• Texting messaging
• Phone call
• Application password
• References
Kelvin Edwards
Paul Letta
What is MFA?
• MFA = Multi-factor Authentication
• Uses two or more pieces of evidence (or factors) to authenticate
-Something you have
• (e.g. Smartcard, CryptoCard or MobilePASS)
-Something you know
• (e.g. PIN)
• Current examples:
-PIV-C Smartcard
-CryptoCard
-MobilePASS
2
Why are we doing this?
• Important security measure-Passwords, even long ones, are becoming easier to
crack
• Spam-JLab occasionally sees compromised email accounts
sending spam-Affects reputation of JLab servers and we are
blacklisted-Even regular (non-spam) email is then bounced due to
the reputation of our servers
• Use of OneDrive and SharePoint opens up potential for storing sensitive data which requires MFA
• DOE is now requiring MFA on O365
• End-of-Life (EOL) for basic authentication (passwords) to O365 will end October 2020
3
Conversion Schedule (available on cc.jlab.org)
4
WEEK OF CONVERSION DIVISION(S) / GROUP(S) TRAINING SESSION SCHEDULE
October 24, 2019 IT Division, ACE, early adopters CC F224-225, 9:00AM - 10:00AM
October 29, 2019 CFO, COO, CPO CC Auditorium, 10:00AM - 11:00AM
November 5, 2019 Accelerator CC Auditorium, 10:00AM - 11:00AM
November 11, 2019 Engineering, LCLS-II CC Auditorium, 10:00AM - 11:00AM
November 19, 2019 Physics CC Auditorium, 2:00PM - 3:00PM
December 3, 2019 Facilities, ESH&Q, Theory CC F113, 10:00AM - 11:00AM
December 10, 2019 12GeV, Director's Office, DOE CC F113, 10:00AM - 11:00AM
• IT Division will email you one week prior, and the day before, with the date your division/group is being converted to MFA
• Day Of: Conversion for your group will happen prior to scheduled training session
• Log out and log back in to O365
-https://portal.office.com
• MFA configuration will begin
5
Configuration (Initial Configuration)
Configuration (Microsoft Authenticator App)
6
• Select ‘Mobile Phone’ to use the Microsoft Authenticator app
• Select ‘Receive notifications for verification’ in order to use ‘Push’ notification
to your smart phone
NOTE: Download the Microsoft Authenticator app before you begin
Configuration Options (Microsoft Authenticator App)
• Microsoft Authenticator app
-Push notification
• Message on your phone to Approve or Deny login
-PIN
• Authenticator app displays 6-digit PIN every 30 seconds
7
Configuration Continued (Text or Phone Call)
• Select ‘Authentication phone’
• Text Messaging:
-Select ‘Send me a code by text message‘ as method
-Microsoft sends a 6-digit PIN to your phone/texting device
• Phone Call:
-Microsoft will call you with the 6-digit PIN at your specified number
8
Configuration (DO NOT USE – Office Phone)
• JLab does not have Office Phones listed with your account so this will not work. Use ‘Authentication Phone’ option instead.
9
10
Configuration (Application Passwords)
• Go to ‘My account’ icon on the upper-right of O365 web
application
• Select the ‘My account’ link
• Select ‘Security & privacy’
• Select ‘Additional security verification’
Configuration (Application Passwords, continued)
• Select ‘Create and manage app passwords’ link
11
12
Configuration (Application Passwords, continued)
• Select ‘create’
• Enter Name of
application (e.g.
Thunderbird)
• Hit ‘next’
• Select ‘copy password
to clipboard’
Configuration (Application Passwords, continued)
• Application passwords are 16, random alpha-numeric characters
• Create one for each non-O365 application and/or device-e.g. Thunderbird
• Application passwords should be saved in the application's password manager
• Once used, app passwords are not available to see again-NOTE: If you forget your application
password, you will need to set up a new one
• Limited number of application passwords
13
References
• https://cc.jlab.org/o365/mfa
• ServiceNow Knowledge Base Article
• IT Division Help Desk ([email protected], x7155)
14
Questions? [email protected]
IT Division Help Desk
757-269-7155
• What is MFA?
• Why are we doing this?
• Conversion Schedule
• Configuration Options
• Microsoft Authenticator App
• Texting messaging
• Phone call
• Application password
• References