Multi-factor Authentication for Office/Microsoft 365

Multi-factor Authentication for Office/Microsoft 365

September 18, 2020

Cyber security is a threat that Greenville Utilities has long taken very seriously. In fact, we have a Cyber Security Task Force made up of employees from all departments. Their responsibility is to assist Information Technology (IT) and our leadership in ensuring that GUC facilities and networks are as secure as possible. The Task Force and IT recently recommended an additional security tool that not only assists in preventing cyber attacks but also has several other benefits for employees. This tool is multi-factor authentication, or MFA for Office/Microsoft 365. 

What is multi-factor authentication (multi-factor or MFA)? 

MFA is defined as a security mechanism that requires an individual to provide two or more credentials (such as a password and a security code) in order to authenticate their identity. It’s simply an extra layer of protection for applications like Outlook, OneDrive, and SharePoint. You may have already used MFA on your personal devices for certain apps like Facebook and bank accounts.  

Office/Microsoft 365 accounts and programs are in the cloud, available to us everywhere, and have become a significant part of our GUC work lives. Because of this, we need to protect them. Using MFA virtually eliminates the risk of a hacker accessing your GUC Office/Microsoft 365 account by guessing or obtaining your password. 

How MFA works 

Once multi-factor has been enabled, any Office/Microsoft 365 product will require you to log in with both your password and an additional authentication security measure. Sample MFA security measures include: one-time codes delivered via text, voice call, or mobile app; or push/pop-up notification on your smartphone using MS Authenticator. 

Office/Microsoft 365 will require you to re-authenticate with an additional MFA security measure when your device moves from a GUC facility to an off-facility location (like home), or if you have a significant amount of time pass since you last used an Office application on a device. It is also possible that Microsoft may determine your account has encountered risky behavior and will force authentication.  

Benefits of using MFA 

  • Password resets can be done directly from Office/Microsoft 356 portal, without having to be on GUC’s network. 
  • For employees who use VPN to remote access into the network, they will no longer need tokens once MFA is activated. Instead, a push notification will be used through a mobile application. 
  • MFA virtually eliminates some types of cyber risk associated with our Office/Microsoft 365 accounts. 

When will MFA impact me? 

The IT Department plans to implement MFA in small groupings, starting with office personnel in the fall of 2020. Each group will be notified by email and given overall information about MFA requirements. Once notified, you will have 14 days to work with IT or configure MFA yourself.  

IT has created a resource page dedicated to MFA. It’s located on IT’s SharePoint site under “Resource Information” drop-down menu (or click here). Employees can use the self-help resources linked at the top right of that page labeled Setting up MFA for Office.IT will begin working with field employees at a later date. Information will be sent by email, posted in break rooms, and on the help site on SharePoint 

“Our intent with this MFA effort is to provide a more robust and secure experience for our employees when using Office/Microsoft 365,” said Todd Cannon, IT Applications Manager. “We’re excited about the many benefits it will provide employees as well as the improvement to GUC’s security posture.”