Microsoft, a large organization and provider of numerous IT services such as operating systems, cloud storage, and an office suite (now Office365), has over the years migrated from a standalone installation model to a subscription-based model with Office365.
The Office365 subscription-based model enables the use of various Microsoft Office applications while providing enhanced security such as passkeys and SMS-based authentication.
In the past, users could get hold of a standalone Microsoft Office suite and install Microsoft products such as Word, Note, Excel, and PowerPoint just by using an office365 Software CD. This installation CD came with an activation code known by numerous names, such as product key, activation key, or product-activation key, along with a one-time payment fee and, of course, continuous update releases.
EMBRACING SUBSCRIPTION BASED SERVICES:
However, with Microsoft embracing its cloud services and its subscription-based model, standalone installations no longer seem feasible, as users are expected to make a monthly or yearly subscription payment in order to use any Microsoft application with full functionality.
The subscription and the applications available also depend on the type of service the user wants. It comes with numerous integrated applications (e.g. Teams, Exchange, chimp, Microsoft Word, SharePoint, PowerPoint, etc.) and more sophisticated cloud connectivity such as Azure, also known as Entra-ID, and Microsoft Intune.
While these applications are perks of the subscription, their availability is based on the tier of package users opt into (For Home, “family or personal”; For Business, which “comes with additional tiers”) when enrolling for Office365 services.
The Office365 Subscription For Business service is uniquely identified as “Work or School Accounts”, giving organizations the flexibility to use these services to communicate and provide solutions remotely. Furthermore, Microsoft Office365 has FIDO2 integrated into its platform, in addition to its SMS-based security verification.
With FIDO2 integrated across its platforms, passkeys are not limited to personal email accounts or services provided by Microsoft but can also be implemented on Microsoft365-based accounts.
However, for Office365-based services, passkeys only support authentication apps; that is, the passkey implementation is authentication-app based.
In our previous articles, we discussed a few important topics such as Microsoft's and Google's role in the use of passkeys as a form of security, setting up passkeys for your Microsoft email accounts, and signing in to your email account using passkeys. These were part of a series of articles on creating awareness of passkeys and how to go about setting them up for your personal email accounts.
In this article, we will walk you through the easy steps of setting up passkeys for Office365 subscription-based accounts in your organization.
STEP1: Default Domain for Office365.
To get a subscription-based account, users must first have a Microsoft email account created, then register and provide all necessary information. The email account used to pay for the Office365 services becomes the administrator of the domain [email protected] account that Microsoft provides when the subscription-based Office365 account is first set up.
Note:
It is advisable to integrate your organization's official domain name into the Office365 services and change the default organization domain name provided by Microsoft (e.g. [email protected]) when the subscription was first paid for.
This helps ensure adequate security and prevents the receipt of unsolicited email messages. Passkeys, as an enhanced security feature, would definitely make it difficult for an attacker to log in even if they have your password, unless of course they have somehow gained access to your authentication application recovery codes.
STEP2: Signing In to Office365 Portal.
Sign in with the domain provided by Microsoft or the new domain email set up by you or the administrator. Usually, the login password is the same as the one tied to the personal email account used to pay for the Office365 subscription. Upon signing in, you should see your admin dashboard. (See image below)
STEP3: Accessing My Account Portal.
Select “Security & Privacy” and click on “My Account Portal” to take you to the administrator account. (See image below)
STEP4: Viewing Connected Devices.
Before setting up the passkey for that account, check the devices that are connected to that domain and to the normal user email credentials (Windows Hello). This is important for security reasons. (See image below)
STEP5: Accessing More Information About Each Device.
Toggle down the button to see additional information about these devices, such as “BitLocker” for encryption, the “Device Object ID”, and the “Device Status”.
STEP6: Selecting Authenticator App for Passkey Setup.
Note:
For this step, you need to download the Microsoft Authenticator application on your mobile device. If you haven’t, please do so before proceeding with this stage.
If all the information shown in “STEP5” is satisfactory and there is no suspicious device access, click on “Security info”, then click on “Add sign-in method”, and in the pop-up window select “Authenticator app” (See image below). You will be provided with a QR code to scan and, after scanning, 25-character recovery codes with hyphens between them.
Keep these codes safe, as they come in handy for recovery in the event that you lose the device on which the authenticator app is installed.
STEP7: Viewing Security Info.
Once the authenticator passkey has been integrated, it is displayed in the admin dashboard information. The dashboard also shows information about the device on which the authenticator app passkey is running. (See image below)
STEP8: Signing Out Default Domain.
To test the passkey functionality, sign out of the domain-based email account. (See image below).
STEP9: Signing In Default Domain.
Try signing in again with the domain name (See image below).
STEP10: Approving Signing Request Via Authenticator App.
Microsoft will trigger a login authentication code and request that the user enter this code in the Microsoft application that was used to set up the domain-based Office365 account. (See image below).
STEP11: Inputting Verification Code in Authenticator App.
The administrator should then open the authenticator application and enter the code that was provided by the Microsoft web application. (See image below).
STEP12: Providing Device Password to Authenticate Passkey.
Upon entering the code, the authenticator app will trigger the Apple Keychain storage to access the passkey. The user is then required to enter their mobile device passcode (See image below). If this is done accurately, the user should be able to log back in to the administrator account, or dashboard.
STEP13: Viewing Recent Activities from Mysignins.
The administrator can then check the “Recent Activity” tab for information about recent activities that have occurred using the Office365 administrator panel. This information usually consists of “Date & Time Zones”, “Country Location of access”, “Type of sign-ins done”, and “Success rate” attempts.
And that is how you set up passkeys for Office365 services. In our next article, we will demonstrate how to configure your organization's domain name in Office365 when your domain name is behind a CDN service.
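The device, security-info and recent-activity checks from STEP4, STEP7 and STEP13 can also be run from PowerShell. The script below is an added example, not part of the original walkthrough or a Microsoft sample; it assumes the Microsoft Graph PowerShell SDK is installed, and the account name and expected-country list are placeholders.

```powershell
# Added example. Assumes the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph).
# $Upn and $ExpectedCountries are placeholders; replace them with your own values.
$Upn               = 'admin@example.onmicrosoft.com'
$ExpectedCountries = @('GB')   # two-letter country codes you normally sign in from

Connect-MgGraph -Scopes 'UserAuthenticationMethod.Read.All','AuditLog.Read.All','Directory.Read.All'

# STEP4/STEP5: devices registered to the account, with object ID and status.
Get-MgUserRegisteredDevice -UserId $Upn -All | ForEach-Object {
    $p = $_.AdditionalProperties
    [pscustomobject]@{
        Name           = $p['displayName']
        OS             = $p['operatingSystem']
        DeviceObjectId = $_.Id
        Enabled        = $p['accountEnabled']
        LastSeen       = $p['approximateLastSignInDateTime']
    }
} | Format-Table -AutoSize

# STEP7: sign-in methods on the account. After enrolment the list should
# include the authenticator app next to the password method.
Get-MgUserAuthenticationMethod -UserId $Upn | ForEach-Object {
    [pscustomobject]@{
        MethodId = $_.Id
        Type     = $_.AdditionalProperties['@odata.type'] -replace '^#microsoft\.graph\.', ''
    }
} | Format-Table -AutoSize

# STEP13: recent sign-ins, keeping only failures and sign-ins from a country
# outside the expected list. Reading sign-in logs through Graph needs a
# Microsoft Entra ID P1 or P2 licence on the tenant.
Get-MgAuditLogSignIn -Filter "userPrincipalName eq '$($Upn.ToLower())'" -Top 50 |
    Where-Object {
        $_.Status.ErrorCode -ne 0 -or
        $_.Location.CountryOrRegion -notin $ExpectedCountries
    } |
    Select-Object CreatedDateTime, AppDisplayName, IpAddress,
        @{ Name = 'Country';   Expression = { $_.Location.CountryOrRegion } },
        @{ Name = 'ErrorCode'; Expression = { $_.Status.ErrorCode } },
        @{ Name = 'Reason';    Expression = { $_.Status.FailureReason } } |
    Format-Table -AutoSize
```

An empty result from the last command means every one of the last 50 sign-ins succeeded and came from an expected country.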
Thanks for the read….