Protect Microsoft 365

Guarding the keys to your kingdom.

Microsoft 365 (M365) is one of the most widely used collaboration suites on the planet. M365 is your organization’s town square where appointments are held, business is discussed, plans are worked on, and all assets are stored. It’s the hub at the center of your professional kingdom. It is also an environment that needs to be guarded and kept safe. You can’t afford unauthorized access to M365. This is why robust modern authentication becomes so important. MFA (Multi-Factor Authentication) is the gatekeeper - the guard protecting the realm from unwanted intruders.

AuthN by IDEE is your defense against all credential phishing and password-based attacks (including adversary-in-the-middle, or AiTM, attacks), protecting your systems against account takeover. And here is how easy it is to integrate.

Discreet Authentication

With AuthN same-device MFA, your new login and authentication flow is smoother than Sean Connery’s James Bond! In fact, it is so discreet that you’ll barely notice it.

1. Users still visit the same URL, but they will be redirected to AuthN for login.

2. Then they are asked to unlock their device (however they usually do this, such as facial recognition, PIN, Windows Hello, Touch ID, or whatever it might be)!

3. As soon as the user has unlocked their device, they have authenticated and logged in.

Microsoft x AuthN Integration in Just a Couple of Clicks!

Integrating Microsoft 365 has never been easier. With just a couple of clicks you can federate your domain with our simple and rapid no-code integration.

The only prerequisites are a Microsoft account with global admin privileges and an AuthN by IDEE account with admin access to the integration portal. Then you just follow these few quick steps.

Your Step-by-Step Guide

You’ll need to log in to the integrations portal and then follow these simple steps:

1. Click on “Add Integration” and select Microsoft 365

2. Name your integration

3. Go to “Service Provider Metadata” and enter your domain name

4. Go to “federate your Domain Now” and click “Grant Access”

5. In your Microsoft tenant account click on “federate Domain”

6. Click on “Okay” and save changes! You’re all done!
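
Once the domain is federated, the result can be confirmed from the Microsoft side. The following read-only check is an added example, not part of the IDEE guide; it assumes the Microsoft Graph PowerShell SDK is installed, and `example.com` and the expected issuer URI are placeholders for the values from your own tenant and integration portal.

```powershell
# Added example: read-only verification of a domain's federation settings.
# Requires the Microsoft.Graph.Identity.DirectoryManagement module.
$DomainName     = 'example.com'                           # placeholder: your federated domain
$ExpectedIssuer = '<issuer-uri-from-integration-portal>'  # placeholder: not taken from the guide

# Domain.Read.All is sufficient for reading; nothing here changes the tenant.
Connect-MgGraph -Scopes 'Domain.Read.All'

$domain = Get-MgDomain -DomainId $DomainName
if ($domain.AuthenticationType -ne 'Federated') {
    # A 'Managed' domain still authenticates against Entra ID directly.
    Write-Warning "$DomainName is '$($domain.AuthenticationType)', not Federated."
    return
}

foreach ($cfg in Get-MgDomainFederationConfiguration -DomainId $DomainName) {
    # The signing certificate is returned as base64-encoded DER; decode it
    # to see when it expires, since an expired certificate breaks sign-in.
    $expires = $null
    if ($cfg.SigningCertificate) {
        $bytes   = [Convert]::FromBase64String($cfg.SigningCertificate)
        $cert    = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
        $expires = $cert.NotAfter
    }

    [pscustomobject]@{
        Domain                  = $DomainName
        IssuerUri               = $cfg.IssuerUri
        IssuerMatchesExpected   = ($cfg.IssuerUri -eq $ExpectedIssuer)
        PassiveSignInUri        = $cfg.PassiveSignInUri
        Protocol                = $cfg.PreferredAuthenticationProtocol
        # Controls whether Entra ID accepts MFA performed by the federated IdP.
        FederatedIdpMfaBehavior = $cfg.FederatedIdpMfaBehavior
        SigningCertExpires      = $expires
    }
}
```

Re-running the check periodically, and alerting when the issuer, sign-in URI or signing certificate differs from the recorded baseline, catches unexpected changes to the domain's federation trust.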

What Microsoft 365 Services are Supported?

Everything within your account is protected:

Microsoft Outlook (Email)

SharePoint, Exchange Online, OneDrive (File Storage)

Word, Excel, PowerPoint (Word Processing, Spreadsheets, Presentations)

Microsoft Teams (Video Conferencing and Collaboration)

Microsoft Calendar (Calendar Management)

Microsoft Forms (Surveys and Forms)

Microsoft Chat (Messaging)

And everything else that is available beyond your login...

And yes, we also protect any legacy password-based systems.

AuthN by IDEE seamlessly integrates with on-premises LDAP or Active Directory (AD) through federation protocols. Thereafter, any application can be seamlessly accessed via phish-proof MFA and without passwords.

In addressing the needs of legacy systems reliant on passwords, AuthN by IDEE offers seamless integration with reverse proxy, Zero Trust Network Access (ZTNA), Secure Access Service Edge (SASE) and Virtual Private Network (VPN) solutions. By enforcing phish-proof Multi-Factor Authentication (MFA) prior to password entry, AuthN ensures robust security measures are in place. This approach guarantees that only authenticated users that have the appropriate access rights to the designated application, and that have successfully completed the phish-proof MFA process, are permitted to enter passwords and gain access, thereby fortifying system security comprehensively.

Choose An Authentication Method That’s Right for You

We highly recommend you use WebAuthn, which is the phish-proof, friction-free, same-device MFA method. However, you do have choices, and it is up to you. Supported authentication methods include:

  • WebAuthn
  • FIDO2 Security Key
  • PUSH
  • QR

WebAuthn offers the highest level of protection. We ensure that your digital identity is secure from phishing and password-based attacks throughout the entire lifecycle, which is why WebAuthn is our preferred and recommended option.

Device Requirements

WebAuthn works on any computer with a TPM chip (most machines from 2016 onwards have this) and on any smartphone with a secure enclave or secure element.

The following popular browsers are supported:

  • Microsoft Edge
  • Chrome
  • Safari
  • Internet Explorer 7 or higher

User Enrolment

Register A New Device in Seconds!

AuthN by IDEE ensures that only a trusted user can access a trusted service on a trusted device when the user is proven to be in control. User devices, therefore, must be registered. It only takes a few seconds for a user to register their device.

Here’s how it works in just a couple of clicks:

1. User goes to portal.office.com and signs in

2. They will be redirected to AuthN by IDEE to set up their device.

3. The user simply unlocks their device, using facial recognition, PIN, Windows Hello, or fingerprint.

4. They will receive a secure magic link via email.

5. The user clicks on the link which opens a new tab in the browser.

6. User clicks ‘accept’ at which point they have registered their device.

Now every time a user wants to log in to their M365 account, they just unlock their device. That’s all.

Fallback Procedures

We don’t just eliminate credential phishing; we also eliminate the stress associated with account recovery!

No More Passwords. At All. Ever!

Passwords are phishable so we don’t use them. Ever. Our solution is end-to-end passwordless which means we will never ask users to create a password – not even for account recovery.

No More Phishable Back-up Recovery Methods

Because everything you need is already housed within the secure hardware of your registered device, there is no need for phishable backup Authenticator codes, or any fallback to passwords in case you need to recover your account. In the unlikely event that you do lose access to your trusted device (which is likely to be your work machine), you simply re-establish trust on your new one using secure identity proofing or set up the new device from an existing device using transitive trust. Phew!

Reduce Account Recovery

Same-device MFA means no separate keys or tokens which can be misplaced. Kiss goodbye to expensive hardware replacements and reduce the many reasons to bother IT (hopefully they won’t get lonely)!

Frequently asked questions

How does a new user set up their PC on an Azure AD (Active Directory) federated domain when they do not have access to their mailbox?

For new PCs (Out-of-the-box experience) and/or Intune setup, admins can generate an Access Key from the Integration Portal or use Microsoft’s Temporary Access Pass (TAP) and provide it to the user so the user can set up their PC.

How can a user set up an additional device when he or she has already enabled one WebAuthn device?

The user needs to go to the device that is already set up and start adding an additional device from there. This is called Transitive Trust, and it ensures that a second device cannot be set up without the user’s approval.

What happens when I reset my account?

For security, all authenticator devices are deleted and access to the Integration Portal (if you are an admin) is removed. If you are an admin you will need to contact IDEE to regain access to the Integration Portal.

Updates & Maintenance

AuthN by IDEE is fully SaaS (Software as a Service). There is nothing to remember to keep up to date to remain secure. With no additional hardware or software of any kind there is no firmware or software to update – you are secure, all the time... Now that’s real peace of mind.

How We Protect Your Data

Actually… what data? AuthN by IDEE holds zero personally identifiable information (PII) about its users, which is one of the reasons why it is so secure! That said, we take security and privacy incredibly seriously. Privacy is our primary company value, and this is why we also go to enormous lengths to ensure we meet all the important standards and compliance regulations you would expect from a chief cyber security vendor.

GDPR Compliant

IDEE is fully GDPR compliant, meaning that we take your data seriously. Always.

ISO 27001

We are ISO 27001 certified.

SOC2 Type II

We are SOC2 certified.

Defense In-Depth

One layer is not enough. We employ layered security for every action.

Decentralized Credentials

Fully decentralized asymmetric keys stored inside the device security chip.

Strong Encryption

AES-256-Bit & ECC-512.

Did Somebody Say Compliance?

Rest assured, we are proud to say that the AuthN by IDEE technology is backed by all the important standards. Due to new and incoming legislation, this is especially important if you are based in Europe or the United States.

United States - EO 14028 & OMB M-22-09

This executive order outlines the mandate for all federal government agencies and civilian agencies in the federal government to use phish-resistant MFA. AuthN by IDEE goes one step further, in offering phish-proof protection compliant with EO 14028 & OMB M-22-09.

Europe - The Digital Operational Resilience Act (DORA) - Regulation (EU) 2022/2554 – DORA

DORA is new legislation aimed at increasing security in the financial sector in the EU and asserts that organizations will be obliged to “Implement strong authentication mechanisms, based on relevant standards.” AuthN by IDEE is fully compliant with DORA.

NIST (National Institute of Standards and Technology) Compliant

We are compliant with NIST’s digital identity guidelines (NIST SP 800-63).

FIDO2 Compliant

Expanding upon a FIDO2 compliant architecture, AuthN by IDEE is a strong zero-trust application of MFA. We do not trust blindly; all authentications are explicitly verified.

PSD2 Compliant SCA

Our MFA uses factors that supersede the PSD2 strong customer authentication requirement.

Based on Proven Technology

We leverage PKC, TPM/Secure Enclave, and strong encryption.

Transitive Trust

Ensuring a transaction can only be carried out on a “trusted service” by a “trusted device” coupled to a “trusted user” and authorized under the “user’s total control.”

Phish-Proof

AuthN by IDEE protects against every credential phishing and password-based attack, including Adversary in the Middle attacks (AiTM).

Support

It’s easy to find the support you need. Here are your resources:

Admin FAQ

Got questions? Well, the chances are that they may have been asked before, which is why we have a neat collection of the most frequently asked questions all in one place! Check it out!

Raise a ticket

Sometimes we just need a bit of technical support. Do you need to raise a ticket? No problem: head over to the service desk and tell us how we can help. We will get back to you quickly!

Report an incident

Is there something we should know about or maybe you just have some excellent feedback for us? Please use this form to report a security incident, vulnerability, or an improvement.

Video tutorials

Already an admin? Visit the Knowledge Centre for step-by-step interactive video tutorials. Looking for demo videos? Check our YouTube playlists.

The IDEE Blog

We discuss many topics on our blog, from authentication and cyber security to how our partners can build their business, plus featured guides and tools. Check it out!

Like what you see?

Speak to us today to try the best MFA solution for yourself.