"Today we’re adding Multi-Factor Authentication for Office 365 to Office 365 Midsize Business, Enterprise plans, Academic plans, Nonprofit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online," announced Paul Andrew, technical product manager for Office 365.
"With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in," he explained.
Office 365 administrators can force their users to use multi-factor authentication very easily. Once they are enrolled, they will be required to configure their second factor of authentication at their next login.
Microsoft also also intends to introduce App Passwords for Office desktop applications, to additionally protect Office client (desktop) applications with a 16-character randomly generated password.
"We’re planning to add native multi-factor authentication for applications such as Outlook, Lync, Word, Excel, PowerPoint, PowerShell, and OneDrive for Business, with a release date planned for later in 2014," he also added.
"This update includes the current phone-based multi-factor authentication, and it adds capability to integrate other forms of authentication such as: third-party multi-factor authentication solutions and smart cards. Smart card support is planned to include the U.S. Department of Defense (DoD) Common Access Card (CAC) and the U.S. Federal Personal Identity Verification card (PIV), among others."