JAMK’s Office365 service has mandatory strong authentication requirement for all users after Monday, January 17th 2022. For students, strong authentication has been optional until this date. Below is short explanation what does this mean, why is it necessary to require strong authentication and what needs to be done to enable the feature.
What does strong authentication mean and how does it increase security?
Strong authentication (MFA) means identification of user with some other method besides just username and password.
It significantly improves the security of Office365 accounts that are subject to ongoing phishing scams. In addition to traditional username and password, there is a separate additional authentication. In Office365, this additional verification is done through an application installed on the mobile device. In this case, even if the ID or password ends up in the wrong hands, they will not be able to log in without confirmation via the mobile device of the user. An ID/password alone cannot be used to log in to any service that use strong authentication.
Why should I use strong authentication?
Even if you don’t feel that your account has access to sensitive information, in reality it can be misused by several methods without user’s knowledge and it should be protected. The user account used in JAMK’s Office365 services also provide access to many sensitive data, e-mails and internal services, so securing them is essential as various hackings increase globally. Strong authentication does not eliminate the need to worry about a unique ID/password, but it makes it harder to access data of IDs that have fallen into the wrong hands. At the same time, it enables a more comprehensive detection of hacking attempts, making it possible for JAMK ICT-services to react to these attempts even before bad things happen. In other words, it makes your user account more secure and less vulnerable to attack, and it’s a good thing for you and for everyone else.
Practical effects?
At JAMK, strong authentication will be required first for logins to Office365 services (Outlook, Teams, etc.). In the future, the same method can be used for other services as well. The basic use of the services does not change, i.e. users only need to accept the login in the mobile device application.
When working on a trusted network at JAMK’s campuses, the strong authentication method is bypassed, i.e. login’s to JAMK’s services can be done just like before using only username and password.
How do I enable strong authentication for my account?
You can enable strong authentication in Office365 services on your own by following these instructions.