top of page
Writer's pictureALIF Consulting

Authentication in Office 365

Updated: Dec 6

The purpose of cloud-based authentication is to protect companies from hackers trying to steal confidential information. Cloud authentication allows authorized users across networks and continents to securely access information stored in the cloud with authentication provided through cloud-based services.


What Is Cloud Authentication and Why Is It Important for My Business?



Global IT and data-driven operations are largely in the cloud. That’s not surprising, considering that infrastructure provides a type of flexibility, resiliency, and scalability that most organizations won’t find in traditional on-premise solutions.

Many of the same security and compliance issues for on-premise technology persist in the cloud, and many of those challenges are amplified. That’s because infrastructure—storage, applications, analytics, and tools—must have a secure and compliant connection to users without sacrificing usability. Furthermore, these environments are heterogeneous and global. Security is a real issue, with different components and tools working together to provide real value to users everywhere.


Types of Authentication in Office 365

  • Basic Authentication

  • Modern Authentication


Basic Authentication


Basic Authentication

Basic authentication prompts a Web site visitor for a username and password. This method is widely used because most browsers and Web servers support it. The benefits are:

  • It works through proxy servers.

  • It is compatible with nearly every Internet browser.

  • It allows users to access resources that are not on the IIS server.


Basic authentication also has some drawbacks

  • Information is sent over the network as cleartext. It is encoded with base64 encoding but sent in an unencrypted format. Any password sent using basic authentication can easily be decoded.

  • By default, users must have the Log On Locally right to use basic authentication.

  • Basic authentication is vulnerable to replay attacks.


Office 365

Timeline for disabling basic authentication in Office 365

Initially, basic authentication’s demise was scheduled for October 2022. In April 2020, the date was postponed. There was more than one reason for the delay.

One reason was COVID-19 and its impact on businesses. Another important factor was that many organizations still actively used basic authentication in their tenants.

Because basic authentication does not encrypt user credentials, it is important that traffic always be sent over an encrypted SSL session. A user authenticating with basic authentication must provide a valid username and password. The user account can be a local account or a domain account. If the user account is in a domain other than the local domain, the user must specify the domain name when logging in.

The syntax for this process is domain name\username, where domain name is the name of the user's domain. Basic authentication can also be configured to use user principal names (UPNs) when you use accounts stored in Active Directory.


Modern Authentication

Modern Authentication is not a single authentication method but instead a category of several different protocols that aim to enhance the security posture of cloud-based resources. Some examples of Modern Authentication protocols are SAML, WS-Federation, and OAuth.

While each is different in its execution, they all aim to move away from the classic username\password method and instead rely on token-based claims. So, while the user may still provide a username and password (for now; see more below), it is used to authenticate with an identity provider to generate a token for access.

This token has more specific information (in the form of a claim) that specifies what the requestor does and does not have access to. Tokens also expire and can be revoked, so there is more ability to govern access.

Modern authentication is an umbrella term for a combination of authentication and authorization methods between a client (for example, your laptop or your phone) and a server, as well as some security measures that rely on access policies that you may already be familiar with. It includes:

  • Authentication methods (authentication = how something/somebody logs in to a system)

  • Authorization methods (authorization = mechanisms that make sure you do not have full access to something by default)'

  • Conditional access policies (policies which define the conditions under which certain additional steps have to be taken to log into a system)


Modern Authentication

What’s the Advantage of Modern Authentication?

One of the biggest benefits for administrators is that all these policies are configured at one central location, which is the identity provider. This means that the more applications are connected to the identity provider, for example, the Microsoft Azure Active Directory and the identity services provided by Microsoft, the more convenient it is to configure conditional access policies for all these applications.

This way, the administrator does not have to configure individual login policies and security settings for each application.


What is Office 365 Multi-Factor Authentication (MFA)?

Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy-to-use authentication methods.


MFA Methods

You can choose from several MFA options and can use different options in different situations, depending on what is most convenient for you. The type of handshake, or knock, you choose can have an impact on how and where your account can be used. So, we want you to be well-informed before you decide which method is best for you.


Option 1: Authentication Phone – (Call or text a phone number)

Call me If you select the Phone Call method, you are setting up your MFA authentication to call you when you want to authenticate.

Send me a code by text message If you select the text message method, you are setting up your MFA authentication to send you a text message with a 6-digit code to use when you authenticate. It is recommended to use a mobile phone that you always have with you, so you can authenticate no matter where you are located.


Option 2: Call My Office Phone – (Call my desk phone)

Your BSU/NTC office phone number will be pre-populated on the additional security verification page. This option does require that you are near your office phone during authentication into Office 365. Your office phone will receive a phone call, and you will be prompted to accept or deny your login.


Option 3: Mobile App – (Microsoft Authenticator App) – Best User Experience

Exuding to the pinnacle of user experience, the Microsoft Authenticator App stands tall as the embodiment of hassle-free authentication. It seamlessly integrates into your mobile device and streamlines the authentication process while ensuring robust security. With its intuitive interface and real-time prompts, the app transforms your smartphone into a secure authentication hub.


63 views0 comments

Recent Posts

See All

Comments


bottom of page