How Do I Sign in to My Microsoft 365 MFA - Enabled/Enforced Account?


Applies to: All Nerdio For Azure (NFA) Enterprise and all Nerdio Private Cloud (NPC) customers


Nerdio is tightly integrated with Microsoft 365 for secure and collaborative working. Nerdio for Azure (NFA) and Nerdio Private Cloud (NPC) customers must be connected to Microsoft 365 accounts. Due to Microsoft licensing requirements, NFA works with Microsoft 365 Enterprise accounts only; which includes the entire series of Enterprise licenses - E1, E3, E5, etc. You can use an existing Microsoft 365 account or sign up for a new account. Click here to sign up for a free trial of Microsoft 365 E3 account.

Note: An Microsoft 365 account must have one available license.

Nerdio Admin Portal (NAP) provides various features to secure its user accounts – one of them being Microsoft 365 MFA. If you are an IT Admin, you can enable multi-factor authentication (MFA) for each of your user’s Microsoft 365 accounts.

Nerdio Tip
  • To enable multi-factor authentication for Microsoft 365, log into Nerdio Admin Portal (NAP). From the main menu, go to Settings > Security option and turn ON the slider for Two-factor authentication (Microsoft 365) as shown below:

Nerdio_settings_security_enable.png

You will now see the following options on Edit user page:
  • Microsoft 365 MFA off
  • Microsoft 365 MFA enable/enforce

With multi-factor authentication (MFA) feature in place, you can add extra layers of protection to secure your Microsoft 365 account. Microsoft 365 accounts with MFA implemented will be authenticated based on the following factors during sign on:

  • Your username and password (the first factor—what you know),
  • Your geographical location from where you are signing into Microsoft 365 (the second factor- where you are) and
  • An authentication response from a device you own (the third factor—what you have)

Together these multiple factors ensure increase security for your Microsoft 365 account settings and resources.

Microsoft 365 MFA can be in one of two states:

  • Microsoft 365 MFA Off or
  • Microsoft 365 MFA enable or enforce

Let us explore them one by one.

How does “Microsoft 365 MFA off” feature work?

By default, when you create a new user, Microsoft 365 MFA feature is disabled as shown below:

MFA_off_user.png

Let us understand the user workflow when “Microsoft 365 MFA feature is OFF”.

Go to Microsoft 365 login page (www.office.com). Enter your Microsoft 365 login credentials and click "Sign in" button as shown below:

MFA_off_Office365_signin.png

If you are a first time user, Microsoft 365 will prompt you to set your time zone.

On Microsoft 365 Homepage, click Set the time zone for your calendar link as shown below:

Testuser11_set_time_zone.png

Using the dropdowns provided, set your Language and Time zone and click Save as shown below:

Test_user11_set_time_zone1.png

You may proceed to enjoy “Microsoft 365” apps and features as usual as per your language and time zone preferences.

Note: In this case, your Microsoft 365 account is protected with your credentials only.

How does “Microsoft 365 MFA enable/enforce” feature work?

As an IT Admin, you can "enable" multi-factor authentication (MFA) for each of your user’s Microsoft 365 accounts. If you select "Microsoft 365 MFA Enable" option on your user account, it indicates that the user has been enrolled in MFA, but has not completed registration.

In this example below, we have edited an existing test user and have selected "Microsoft 365 MFA- Enable" for the user account as shown below:

Edit_user_MFA_enable.png

As an IT admin, you can send an email or text notification to the end-user (Test_user112) that Nerdio has enabled MFA on their Microsoft 365 account. Click the "mailbox" icon next to "MICROSOFT 365 MFA Enable" option to enter end user's email address and contact number. Once done, click the Confirm button as shown below:

office_365_mfa_notification_msgbox.png

Click Save button to save the changes to the user record.

Once your admin enables your organization with multi-factor authentication (MFA), you have to set up your Microsoft 365 account to use it. Follow steps below to set up your Microsoft 365 account

https://support.microsoft.com/en-us/article/set-up-2-step-verification-for-microsoft-365-ace1d096-61e5-449b-a875-58eb3d74de14?ui=en-US&rs=en-US&ad=US and https://support.microsoft.com/en-us/article/create-an-app-password-for-microsoft-365-3e7c860f-bda4-4441-a618-b53953ee1183?ui=en-US&rs=en-US&ad=US

If you are an NFA or NPC customer logging into an MFA enabled Microsoft 365, you will see the following screen:

more_info_needed.png

Click Learn more link to go to Microsoft 365 documentation page:

https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-troubleshoot

Click Next button.

Since Nerdio has enabled MFA on your Microsoft 365 account, it will prompt you to provide more information to verify your identity. You will be directed to Additional security verification page as shown below:  Test_user111_additional_sec1.png

Enter the required information to help Microsoft 365 verify your identity. When you finish entering the details, press Next button.

Note: Some fields are mandatory and if you fail to enter certain information, Microsoft 365 will prompt you to enter the correct information by displaying an error message as shown below:

Test_user111_signinmandatory.png 

Enter all details correctly and click Next button. You will be directed to Step 2 of additional security verification as shown below:

Test_user111_additional_sec2.png

Depending on the method of contacting selected in step 1, you will either receive a call or a verification code on your registered mobile. Click Verify button when done.

Once you enter the correct verification code from your mobile number, you will be directed to Step 3 of additional security verification as shown below:

Note: Some apps like Outlook, Apple Mail and Microsoft Office do not use a phone number to secure your account. Instead, you will need to use an "app password" to sign into them as shown below: 

Test_user111_additional_sec3.png

Click Done button and you are done setting up MFA on your Microsoft 365 account.

The next time you log in, Microsoft 365 will prompt you to enter a passcode (sent on your mobile number) to verify your identity as shown below:

Additional_Security_verification3.png

Note: Once your IT admin "enables" MFA on your account and you set up MFA on your Microsoft 365 account by entering all the required additional information, the status of your NAP user account will change from Microsoft 365 MFA enable -> Microsoft 365 MFA enforced as shown below:

MFA_enforce_112.png

So the difference between MFA enable and enforce is:

Microsoft 365 Enable option on NAP indicates that the user has been enrolled in MFA by the IT admin, but has not completed registration.

Microsoft 365 Enforce option on NAP indicates that the user has started MFA registration and either has completed it or is being prompted to complete at sign in.

 

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.