Managed Two Factor Authentication for Office 365 (2FA for Office 365)

Attempts to compromise popular email services like Microsoft’s Office 365 system seem to have got to quite endemic levels such that organisations big and small, commercial and charity alike are being compromised and exploited through unauthorised access.

This is not personal, but it does have quite an impact on operations. Security is about multiple levels of defence but even with the best training and awareness of staff, firewalls and mail filters, some targeted ‘phishing’ emails are likely to get through and unfortunately some people are likely to accidentally disclose their userID and password to a lookalike login page over time.

What happens if you do get caught by a phish (or otherwise suffer a compromised mailbox):

  • Bulk emails might be sent out to all your contacts potentially sending them malicious / viral content.

  • Damage of reputation with contacts.

  • Blacklisting of email from your domain affecting delivery to multiple clients and email services.

  • Your mailbox may be downloaded / confidential information in it exposed / put at risk (with potential ICO / GDPR disclosure issues).

  • Contacts and other content may be deleted from mailboxes.

  • Other websites with the same credentials may be exploited (ie your Linked In / SalesForce / other accounts).

Accounts can be secured, marauders locked out, passwords changed, apology / retractions sent out, and email black list de-listings can be done, but all of these take time effort and costs.

Onega are very good at incident response and clean up exercises and will minimise costs & work efficiently so that the average cost to a client compromised is less than the industry norm but still we’d much rather prevent compromises in the first place.

To that end, we work with Microsoft as Certified Partners and constantly look for better ways of doing things. With our new Managed Two Factor Authentication offering for Office 365 (be that Office 365 Business Premium or E1 / E3 / E5 etc. and Microsoft 365 equally), we can help you introduce a new level of protection to your IT environment so as to significantly reduce risks and move towards best practice standards as embodied by the UK Government backed Cyber Essentials, ISO27001 and common sense).

The solution here is that we can help implement a largely transparent layer of extra security to your Office 365 logins - on the web at and from mobile devices and Outlook. After we’ve implemented and helped to enrol users in the Managed Two Factor Authentication service; in order to login they will need a confirmation code sent to or generated by their smartphone (or regular mobile phone via SMS). This way when you are logging in, we prove it is you, and if you are not logging in, you can’t get in without the code. To make the process unobtrusive, you don’t need a fresh code (or any code) on most logins where you are using a pre authenticated device, but mainly on new devices are you prompted (so if you see a login request from Panama, you can respectfully decline this) and for good measure change password.

What does this cost?

Onega’s Managed 2FA service is extremely competitive and thanks to progress of technology now costs a fraction of what it would have done not many years ago. For £2 ex VAT per Office 365 user monthly we can delpoy comprehensive O365 2FA to your organisation.

What do I get for this?

Onega will:

  • Configure and deploy 2FA integrated with your Office 365 environment.

  • Communicate with staff on how to download and install the authentication app (you are now more likely to forget your keys than your mobile phone - and if you do forget there are exceptions we can make after secondary security confirmation).

  • Assist with Enrolment of users onto the 2FA system so that they are hand held through the initial authentication process and familiar with how to use the system for secure logins.

  • Manage the 2FA environment for you going forward to help maintain best security and respond to any user support queries directly or via a nominated ICT Co-ordinator(s) in your organisation.

Given that the cost of impact and recovery (excluding GDPR Fine risk) of a compromised account is widely quoted at between £10K and £80K per incident dependant on organisation size, the relatively small investment associated with adding this layer of protection is exceedingly good value and a tick on any compliance list.

How do we get started?

Feel free to Get in Touch - give us a call or drop us a mail and we’ll swing into action to help you secure your Office 365 systems.

Many thanks to Neville Wootton for sharing the banner picture of the lanterns via Flickr