Advertisement
Hello,<\/p>\n
We are in the middle of an Office 365 migration and looking to implement 2 factor on our E3 and E1 accounts.<\/p>\n
I see there is a builtin function and its working on the few accounts we tested.<\/p>\n
Is there a way with my E3 / E1 license to white list our Office public IP so that users do not need to use 2 factor when in the office?<\/p>\n
So far it seems I can only do this by adding Azure MFA to each mailbox at additional costs.<\/p>\n
Does anyone have experience using 365 2 factor and how do you handle daily use of 365 when users are in the office?<\/p>\n
I anticipate getting push back if they need to verify via phone every-time they use 365 even if they are in the office logged into the domain.<\/p>\n
We have a number of users that will only use web mail, thus the E1 accounts so any suggestions on how to use a 2 factor option without annoying the masses would be welcomed.<\/p>\n
Thank you,<\/p>\n
Adam<\/p>","upvoteCount":6,"answerCount":3,"datePublished":"2018-04-19T14:16:20.000Z","author":{"@type":"Person","name":"adam3813","url":"https://community.spiceworks.com/u/adam3813"},"suggestedAnswer":[{"@type":"Answer","text":"
Hello,<\/p>\n
We are in the middle of an Office 365 migration and looking to implement 2 factor on our E3 and E1 accounts.<\/p>\n
I see there is a builtin function and its working on the few accounts we tested.<\/p>\n
Is there a way with my E3 / E1 license to white list our Office public IP so that users do not need to use 2 factor when in the office?<\/p>\n
So far it seems I can only do this by adding Azure MFA to each mailbox at additional costs.<\/p>\n
Does anyone have experience using 365 2 factor and how do you handle daily use of 365 when users are in the office?<\/p>\n
I anticipate getting push back if they need to verify via phone every-time they use 365 even if they are in the office logged into the domain.<\/p>\n
We have a number of users that will only use web mail, thus the E1 accounts so any suggestions on how to use a 2 factor option without annoying the masses would be welcomed.<\/p>\n
Thank you,<\/p>\n
Adam<\/p>","upvoteCount":6,"datePublished":"2018-04-19T14:16:20.000Z","url":"https://community.spiceworks.com/t/office-365-2-factor-and-ip-white-listing/647201/1","author":{"@type":"Person","name":"adam3813","url":"https://community.spiceworks.com/u/adam3813"}},{"@type":"Answer","text":"
two-factor authentication is annoying. This is by design. ![\":wink:\"](\"https://emoji.discourse-cdn.com/twitter/wink.png?v=12\" "\\":wink:\\"")
<\/p>\n<\/li>\n
I do not know of any method to require MFA, except when at the office (also that can be spoofed, so it may not be an option at all. And if you factor in VPNs, the setup and configuration of such a scenario suddenly gets overly complicated.)<\/p>\n<\/li>\n
MFA tends to require the use of an application password, so if you put it on regular Outlook accounts, it gets even more annoying. We had MFA turned on for my boss at one point, about a year ago, and it locked out his domain account, because O365 MFA decided to use his application pwd for his domain password. Didn’t take long to decide to hold off on deploying MFA to the end users.<\/p>\n<\/li>\n
We get our MFA codes via text message. Does everyone have a company issued cell phone, or are you planning to send text messages to their personal devices?<\/p>\n<\/li>\n<\/ol>\n
Sorry, not to rain on the parade. I simply do not think MFA currently equals annoying.<\/p>\n
If someone else has better ideas, I’d love to hear them.<\/p>","upvoteCount":0,"datePublished":"2018-04-19T19:30:57.000Z","url":"https://community.spiceworks.com/t/office-365-2-factor-and-ip-white-listing/647201/2","author":{"@type":"Person","name":"jocelynsloan","url":"https://community.spiceworks.com/u/jocelynsloan"}},{"@type":"Answer","text":"
When you use MFA you get an APP token that can be used as the in office password.<\/p>\n
In O365 admin<\/p>\n
Go to Users > Active users.<\/p>\n
Choose More > Setup Azure multi-factor auth.<\/p>\n
On the multi-factor authentication page, choose service settings.<\/p>\n
Under app passwords, choose Allow users to create app passwords to sign into non-browser apps.<\/p>\n
People can then use client Office apps after they create a new password.<\/p>\n
Choose Save, then choose Close.<\/p>","upvoteCount":0,"datePublished":"2018-04-19T21:30:09.000Z","url":"https://community.spiceworks.com/t/office-365-2-factor-and-ip-white-listing/647201/3","author":{"@type":"Person","name":"Jono","url":"https://community.spiceworks.com/u/Jono"}}]}}
