Read time: 5 minutes
Multi-factor authentication (MFA) is one of the biggest cloud and data security innovations. It provides a new security layer to the existing infrastructure, enabling you to protect your information against all odds. Many cloud-based applications like Google, Yahoo, and Microsoft already provide this feature in most of their applications.
Last year, Microsoft released two new features to improve MFA for Azure AD accounts to work better and faster. These new features offer enhanced security and provide protection data against all loopholes and attacks and help in come out of Office 365 messages stuck in Outlook state and other other similar problems.But can you improve the existing MFA for your Microsoft 365 Tenant?
With 30-minutes of work, any administrator can improve user security quickly using these features named – Number Matching and Additional Context.
The device IP address accuracy depends on various factors, but it’s good to have the assurance that the sign-in effort is not from somewhere impossible. For example, if you want to add a shared mailbox in outlook, then the MFA will make sure that no unauthorized user can access it. Additional context combines the sign-in with number matching to give users enough information to understand a complete authentication context.
In Azure AD settings, you can easily enable additional context and number matching for Authenticator. To do so, follow the below steps:
Both the features will be labeled as Preview, so they’ll be available in the near future.
Graph Explorer is an alternative option to Azure AD to configure the two features. However, this method is a little complicated than Azure AD settings.
The Graph API allows you to run multiple queries while underpinning many parts of Microsoft 365. Even if you don’t have experience using Graph API, you can still run commands via Graph Explorer to understand how queries work and what they return.
To use Graph Explorer, follow the below steps:
Note: Make sure you don’t change the formatting or structure of the request body.
After that, you can validate the configuration settings by changing the query type to GET and un the query to see the current configuration.
Anyone can use the above methods to enable number matching. But, you can limit this feature to a specific group or individuals to enhance MFA. To do that, you need to change the Id property from “all_users” to the object identifier of an Azure AD group.
To find the group identifier, you can check the Azure AD admin center and copy the identifier from the group properties.
If you find it complicated to use the above methods to enhance MFA in Microsoft 365, you can back up your entire data on your local system. However, you cannot back up the whole data manually because the process can be time-consuming and lengthy. So, the best solution is to use an automated tool like Kernel Office 365 Backup, which allows you to backup entire data quickly with a simple approach.
It is specifically designed to help you back up the entire Office 365/Microsoft 365 mailbox data in various formats, including PST, MSG, EML, etc. It provides two options – Basic Authentication & Modern Authentication – which ensure safe and hassle-free Office login in all situations. Modern Authentication uses 2-factor or multi-factor authentication and assures the complete security of Office 365 data. The tool is equipped with advanced filters that enable users to backup specific data based on various parameters like date, to, from, type, etc. The tool is available as a trial version for users to help them understand the tool’s functionality.
Microsoft is continuously improving the security of Office 365 data with enhanced multi-factor authentication with an Authentication app. However, it is still confusing why most Microsoft tenants don’t use MFA to protect users. There is no doubt that MFA provides additional security to users and definitely allows users to secure data. This article highlights how you can enhance MFA with number matching and additional context features.