Office Enhanced Authentication

The Office suite will enable multifactor authentication and some forms of single sign-on using a client component in preview as of July 2015. The component could enhance security in many organizations with Office users, and it could be particularly useful for Office 365 multifactor authentication. The screen shot here shows what will probably be a common use of the component: an Outlook user entering a second factor (a numeric code received by text message) to sign in to Exchange Online.

Multifactor authentication can enhance security and may be mandated in some organizations. Office 365 has enabled multifactor authentication for some time, but Outlook and other Office applications did not work with it, so users had to employ the more limited Outlook Web App browser interface or maintain “app passwords” to bypass multifactor authentication.

The new authentication component, which Microsoft calls modern authentication, works with identity providers and services through the Active Directory Authentication Library (ADAL) software. ADAL works with Office 365 and Azure multifactor authentication, SAML 2.0 passive authentication (a widely used protocol for single sign-on), and smart cards and certificates.