Office 365 - Multi Factor Authentication

%3CLINGO-SUB%20id%3D%22lingo-sub-255110%22%20slang%3D%22en-US%22%3EOffice%20365%20-%20Multi%20Factor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-255110%22%20slang%3D%22en-US%22%3E%3CP%3EOur%20organization%20has%20implemented%20the%20Multi-factor%20authentication%20for%20Office%20365%20a%20couple%20of%20months%20back.%20We%20use%20Outlook%2C%20Teams%2C%20SFB%20%26amp%3B%20OneDrive%20for%20Sync%20Desktop%20apps%20as%20well%20as%20Outlook%20%26amp%3B%20Teams%20apps%20quite%20frequently.%20However%2C%20we%20are%20forced%20to%20enter%20our%20authentications%20details%20for%20each%20of%20these%20apps%20everyday%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20any%20workaround%20for%20this%20issue%3F%20Would%20also%20like%20to%20know%20how%20other%20organizations%20are%20handling%20this.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-255110%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EOffice%20Apps%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESkype%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-255149%22%20slang%3D%22en-US%22%3ERe%3A%20Office%20365%20-%20Multi%20Factor%20Authentication%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-255149%22%20slang%3D%22en-US%22%3E%3CP%3EHey%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F136957%22%20target%3D%22_blank%22%3E%40Mohan%20Kumar%20Narayanan%3C%2FA%3E%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20way%20to%20avoid%20having%20to%20MFA%20every%20time%20you%20load%20the%20app%20would%20be%20to%20move%20to%20a%20%22single%20sign%20on%22%20solution.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ETo%20do%20this%20you%20would%20need%20to%20do%20one%20of%20a%20few%20things%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E1.%20be%20fully%20Azure%20AD%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanage-apps%2Fwhat-is-single-sign-on%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fmanage-apps%2Fwhat-is-single-sign-on%3C%2FA%3E)%3C%2FP%3E%3CP%3E2.%20Run%20ADFS%20with%20your%20local%20AD%20(%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2F2006.07.simplify.aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2F2006.07.simplify.aspx%3C%2FA%3E)%3C%2FP%3E%3CP%3E3.%20Look%20into%20a%20third%20party%20option%20like%20Okta%20(%3CA%20href%3D%22https%3A%2F%2Fwww.okta.com%2Fpartners%2Fmicrosoft%2Foffice365%2F%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fwww.okta.com%2Fpartners%2Fmicrosoft%2Foffice365%2F%3C%2FA%3E)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20by%20default%2C%20single%20sign%20on%20is%20not%20the%20case.%20So%20each%20time%20your%20users%20go%20to%20use%20an%20application%2C%20they%20have%20to%20generate%20a%20new%20login%20token%20every%20time.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20Single%20Sign%20on%2C%20the%20token%20is%20saved%20and%20when%20they%20go%20to%20login%2C%20the%20same%20token%20is%20passed.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAdam%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Our organization has implemented the Multi-factor authentication for Office 365 a couple of months back. We use Outlook, Teams, SFB & OneDrive for Sync Desktop apps as well as Outlook & Teams apps quite frequently. However, we are forced to enter our authentications details for each of these apps everyday

 

Is there any workaround for this issue? Would also like to know how other organizations are handling this. 

1 Reply
Highlighted

Hey @Mohan Kumar Narayanan,

 

The way to avoid having to MFA every time you load the app would be to move to a "single sign on" solution.

 

To do this you would need to do one of a few things:

 

1. be fully Azure AD (https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on)

2. Run ADFS with your local AD (https://technet.microsoft.com/en-us/library/2006.07.simplify.aspx)

3. Look into a third party option like Okta (https://www.okta.com/partners/microsoft/office365/)

 

But by default, single sign on is not the case. So each time your users go to use an application, they have to generate a new login token every time.

 

With Single Sign on, the token is saved and when they go to login, the same token is passed.

 

Adam