Microsoft appears to be getting jumpy about the security of Office 365 and Yammer. That is not to say that there have been any recent events to make users nervous.

It’s just that over the past two days, Microsoft has announced the introduction of multi-factor authentication for Office 365, including security enhancements for those using Yammer in SharePoint.

Just a Coincidence?

It’s probably just a coincidence the new user authentication for Office 365 comes only three weeks after Microsoft  plugged a vulnerability in Office 365 that could have exposed it to data thieves. But nevertheless security is  high on the Microsoft agenda and reflects the growing use of Office 365 across the enterprise space.

The new authentication feature was revealed in a blog post by Paul Andrew, a technical product manager on the Office 365 team. He wrote that it is available to most Office 365 plan users.

This means anyone that is covered by those plans, includingthe enterprises plans, midsize business plans and academic plans that include Exchange Online and SharePoint Online, will be covered and will be able to use -- and even should use -- this new feature without any additional costs.

Office 365 security authentication enrollment.jpg

Signing up for authentication

The idea is to secure cloud accounts above and beyond the usual login user name and password. Users will have to acknowledge a phone call, text message or an app notification on their smartphone after entering the password.They will be only able to enter the accounts after this second authentication has been carried out. Security options include:

  • Call my mobile phone.
  • Text code to my mobile phone
  • Call my office phone.
  • Notify me through app.

This kind of authentication was introduced to the Azure Cloud platform last September. Its introduction to Office 365 is the extension of a feature that has been available to administrators since the middle of last year, but clearly the level of risk for cloud services now is so great that Microsoft is offering it to everyone.

This addition of multi-factor authentication is part of Microsoft ongoing effort to enhance security for Office 365, Andrew says, but it is not the only new step that is being introduced. The Office 365 team is already working on improving Multi-Factor Authentication for Office 365 from Office 2013 client applications.

Office 365 security authentication passwords.jpg

Authentication process

Learning Opportunities

Microsoft is also planning to add native multi-factor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell and OneDrive for Business, with a release date planned for later this year.

It also plans smart card support is planned to include the US Dept. of Defense (DoD) Common Access Card (CAC) and the US Federal Personal Identity Verification card (PIV),giving an added selling point for public services.

Yammer Security Upgrades

But Office 365 is not the only application that has received the benefit of additional security. Yammer, and particularly Yammer as the social layer of SharePoint, has also received a security makeover so that Yammer now benefits from the same security precautions as SharePoint Online does.

According to Microsoft, enterprises that are extending the social capabilities of SharePoint through Yammer should upgrade their Yammer app to the latest version to benefit from the new sign-in features.

Office 365 security authentication yammer.jpg

Earlier in the week we saw that enterprises are still reluctant to move their email applications to the cloud because of security concerns, particularly concerns that if they did their email would be exposed to unauthorized third-parties.

Indeed, the vulnerability that Microsoft closed off last month would have enabled anyone with a mailbox in an enterprise using Office 365 to obtain administrative permission over the entire company’s Office 365 environment.

Even if there is no apparent risk at the moment, if Microsoft wants to grow the Office 365 footprint it really needs to reassure enterprises that Office 365 is safe. Do you think this is the way to do it? Share your thoughts in the comments, below.