
Microsoft Account Lockdowns Begin Today



Happy Friday!


Today, Friday, September 15th, Microsoft is beginning its 6-week-long rollout of "stronger authentication" to all users of Microsoft 365. If your business uses 365, here's what you need to know:

  • Employees using text messaging or voice authentication as a form of 2-factor authentication will be prompted to set up the Microsoft Authenticator App.

  • Employees can skip this prompt up to 3 times before they're required to install it.

  • After 6 weeks, text messaging and voice authentication will no longer be available.

Microsoft announced these changes back in July but started sending reminder emails to users this week that the deadline was coming up.

The Takeaway


It's no secret that Microsoft has been hyper-targeted by bad actors since its release. We've had to perform countless remediations for clients with hacked Microsoft accounts, everything from SIM swapping to breaches, impersonation and financial theft. I suspect Microsoft is pushing this through because app-based authentication is far safer than phone or text messaging 2FA.


1) If you are a network admin, the following guide from Microsoft will help you run a registration campaign that asks users to set up Microsoft Authenticator.


2) To get the Microsoft Authenticator App installed and working, visit the setup guide here. It should only take 2-3 minutes to get going.


Some concerns we have heard about this security change:

Q: What if the user doesn't have a smart phone, like a flip phone? They might currently be using their office phone for 2FA.

A: An Android- or iOS-based device is going to be necessary. Even an inexpensive tablet connected to WiFi can be used to run the Microsoft Authenticator App.

Q: What if the user doesn't have a dedicated smartphone, only a personal Android or iOS device?

A: The user will still need to install the App. It's at the company's discretion, but a quick and easy fix is to use an inexpensive tablet connected to WiFi to run the Microsoft Authenticator App.


Q: Can I use a third-party authentication tool such as Keeper, LastPass or Bitwarden?

A: Sure! Just log into http://mysignins.microsoft.com, go to Security info and add a sign-in method.


Stay safe out there.

-Attila
