cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution

Multi-factor Authentication for Office 365

I can't find where to turn this on per this support article. 

 

https://support.office.com/en-us/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0...

 

I just called support and was told that it's not a feature that GoDaddy supports. What?! Is that correct? If not, please tell me how to enable it. 

 

If that is correct, hey GoDaddy people, you might want to turn that feature on like immediately if you want my to renew our 15 (and growing) Office 365 accounts. 

1 ACCEPTED SOLUTION
Community Manager

Hey everyone. I just wanted to give an update here to clarify that while we didn't support MFA at one point, we do now support it on our Office 365 accounts. Here's how you can turn it on. 

 

Before getting started, I'd recommend getting familiar with Microsoft's deployment guide

 

Set up

  1. Visit x.co/365mfa and login to your admin account. 
  2. Check the box next to the email address and click "enable". 

    O365-MFA1.png
  3. Click "Enable multi-factor auth".

    O365-MFA2.png

     

Configuration

Next time the user signs into their email account, they'll be prompted to configure MFA. If it's not the admin account logging in, they might see a prompt to chose a recovery email address. 

 

O365-MFA3.png

 O365-MFA4.png

 

 

 

 

The user can choose from the following MFA. options: receiving a code via SMS (text), receive an automated phone call or using the Microsoft Authenticator app. 

 

O365-MFA5.png

 

 

After you complete the MFA configuration above, you'll be provided with an app password. This password is what you will use to sign into your email address with applications, like mail clients. Make sure you copy it and save it in a safe place or better yet, update your app passwords before clicking next. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

View solution in original post

24 REPLIES 24

Can anyone help me with this, please? Thank you. 

Hey @TomScottOviedo,

 

I'm sorry, but the Multi-factor Authentication feature native to Office 365 through Microsoft is not yet available through our offering. I know this has come up before and our developers are looking into this feature for future updates. 

 

I'll be sure your request is passed along for additional consideration in their planning. 

 

CG - GoDaddy | Community Moderator
24/7 support available at x.co/247support

There is a way to turn it on if you are comfortable in the Microsoft admin environment. The GoDaddy Office 365 admin panel does not show it directly. I would suggest if GoDaddy says it isn't implemented yet, to not do anything that they say isn't offered.

 

On that note according to https://support.office.com/en-us/article/Plan-for-multi-factor-authentication-for-Office-365-Deploym... if you manage an Office 365 tenant in the cloud, multifactor is handled by Azure Active Directory MFA. After logging into Office 365 as an admin account like you would normally, the Office Azure MFA is located at https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx .  I would read the deployment guide.

More information can also be found here https://blogs.technet.microsoft.com/compilations/2016/12/30/multi-factor-authentication-mfa-setup-an... .

 

Some notes are if you happen to use Powershell there has been some issues with it and MFA. Also it is possible to control a user's ability to create app passwords for any of your non web app logins on that MFA page. Individual users can control their options at https://account.activedirectory.windowsazure.com/Proofup.aspx .

 

Again, I will say this is all information available directly from Microsoft for their Office 365 product and not necessarily GoDaddy's Office 365 offering.

Godaddy fails to tell you that they DO NOT support MFA (aka 2FA or Two Factor Authentication) when buying Office 365 Email through them. This is a real issue. It is 2017 and although 2FA isn't the magic wand of security implementations, it is another level of security. 

 

If you buy Office 365 from Godaddy, use their email for a while, then need to turn on MFA (2FA), you will not be able to and you will need to completely migrate away from Godaddy. 

 

I've also noticed that this question has been answered on another post that appears in a Google search, but when you click it, the pages says 'Oops.. we lost it' or something similar. 

 

Godaddy has failed here. 

I was told that Godaddy officially offers this now.  Though front line agents were unaware of it when I first called in.

 

Has anyone heard the same or tried the option?

 

I am hoping to migrate over to office 365 soon.

MFA is supported. Go to the Admin Center. In the search box, type in multi and you will see the MFA option.

 

It will eventually lead you to https://account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx?culture...

Has anyone tried this? I made it to the screen where I could enable it for users but all the documentation I can find alludes to this being a premium feature that Microsoft offers. (Either 1.40/user/month or 1.40/10 authentications).

 

I'm guessing one of several things happens. 

1. GoDaddy foots the bill and passes it along to me like it's perfectly normal for me to trigger a charge directly through Microsoft even though they work so hard to obfuscate O365 features and abstract everything into their featureless control panel.

2. It looks like it will work, and after finishing setup it looks like its set up, but it just doesn't work because it is silently disabled somewhere between GoDaddy-land and Microsoft-land. (This seems to be the case for a lot of Office 365 features with Godaddy's flavor of O365)

3. The service works, despite GoDaddy's best efforts to block anything they haven't abstracted into their own control panel, and after GoDaddy gets a bill from Microsoft for the tenant they go in and disable it.

4. It works, and there are no charges, because Microsoft thought Godaddy disabled the feature, so Microsoft never generates a bill and it just works, for free (yeah right).

Hey! Have you found any more info/workarounds in the meantime? Thanks 🙂

 


@RonFritzemeier wrote:

Has anyone tried this? I made it to the screen where I could enable it for users but all the documentation I can find alludes to this being a premium feature that Microsoft offers. (Either 1.40/user/month or 1.40/10 authentications).

 

I'm guessing one of several things happens. 

1. GoDaddy foots the bill and passes it along to me like it's perfectly normal for me to trigger a charge directly through Microsoft even though they work so hard to obfuscate O365 features and abstract everything into their featureless control panel.

2. It looks like it will work, and after finishing setup it looks like its set up, but it just doesn't work because it is silently disabled somewhere between GoDaddy-land and Microsoft-land. (This seems to be the case for a lot of Office 365 features with Godaddy's flavor of O365)

3. The service works, despite GoDaddy's best efforts to block anything they haven't abstracted into their own control panel, and after GoDaddy gets a bill from Microsoft for the tenant they go in and disable it.

4. It works, and there are no charges, because Microsoft thought Godaddy disabled the feature, so Microsoft never generates a bill and it just works, for free (yeah right).


 

Edit: I just tried connecting with my mail client (not outlook, but that shouldn't matter) using a generated app password, and it won't authenticate. So it would seem that unless you don't need app passwords for anything, the MFA isn't going to work.

 

So I just tried it out on one of my global administrator accounts, and it appears to be working. The instructions MS has for setting up MFA won't work because there is no "More" button in the active users menu - but, if you go to the menu on the left of the admin center (admin.microsoft.com/AdminPortal) and click on Settings -> Services & add-ins, -> Azure multi-factor authentication, in the window that slides out from the right, there is a link to Manage multi-factor authentication, which takes you to account.activedirectory.windowsazure.com/UserManagement/MultifactorVerification.aspx, I was presented with a list of my users.

 

I checked the box next to the name I wanted to test it on, and clicked the "Enforce" link to the right and followed through the prompts. Since I wasn't sure it was going to work, I opened up an incognito chrome tab so I could stay logged in to change it back in case it didn't work, and logged into my account, which walked me through adding a cell phone for text/call MFA. It also offered to provide me with an app password for anything that doesn't work with MFA. 

 

I logged out and logged back in (on my clean browsing session) and after the standard GoDaddy login redirect, the microsoft login then texted/prompted me for the MFA code, and I logged in. 

 

I have not tested it any further than this, have not tested the app password, or tried to manage additional app passwords, etc. I have also not tried enabling it on a regular user. 

 

Hope that helps!

After having purchased and configured an Exchange Email Essentials plan, without having a single doubt on that being a basic yet professional-grade product, I discovered that MFA isn't actually offered (hence not supported).

 

Yesterday I explicitly asked customer support, who even took a relatively long time to told me nein and trying to justify so with quite a lot of sad BS. Which was even more irritating than the lack of a widely diffused security feature that's already a standard even for *consumer* products!

 

Misleading and subpar offering + bad customer support = I cancelled my contract and asked for a refund. Goodbye!

If you are dead set on exchange you can try again with MS directly; you should have access to all of the MFA stuff through them (check first, I'm guessing here) but if you are just looking for a reliable professional email provider you can use with your own domain for small business purposes, check out Google Apps (I think they call it something slightly different now). That's what I've used for my side business for the last four years, and it's great. 5/user/mo and you get gmail with your domain and all of the associated google services associated with that account. If you are using email essentials, it sounds like you aren't buying into the whole MS everything ecosystem (one drive, sharepoint, office everything) like I have at my work, so I would really recommend looking into it if you haven't already ruled it out.


@RonFritzemeier wrote:

If you are dead set on exchange you can try again with MS directly; you should have access to all of the MFA stuff through them (check first, I'm guessing here) but if you are just looking for a reliable professional email provider you can use with your own domain for small business purposes, check out Google Apps (I think they call it something slightly different now). That's what I've used for my side business for the last four years, and it's great. 5/user/mo and you get gmail with your domain and all of the associated google services associated with that account. If you are using email essentials, it sounds like you aren't buying into the whole MS everything ecosystem (one drive, sharepoint, office everything) like I have at my work, so I would really recommend looking into it if you haven't already ruled it out.


Thank you. I have indeed migrated to G Suite.

I'm so confused.  This is infuriating. I stumbled on the instructions RonF suggested on my own and also found this on my GoDaddy admin email site.  It looks like it works for webmail access, but when I just called GoDaddy, the tech said that he got word from a senior engineer that they do NOT have any DFA for Office 365 emails.  

 

RonF, have you been successful with this?  And THANK YOU.  

Perhaps DFA works for webmail, but not for desktop Outlook? But maddening that it seems like it is telling me it will work online, but that Go Daddy says it doesn't work.  A but scary.  

Community Manager

Hey everyone. I just wanted to give an update here to clarify that while we didn't support MFA at one point, we do now support it on our Office 365 accounts. Here's how you can turn it on. 

 

Before getting started, I'd recommend getting familiar with Microsoft's deployment guide

 

Set up

  1. Visit x.co/365mfa and login to your admin account. 
  2. Check the box next to the email address and click "enable". 

    O365-MFA1.png
  3. Click "Enable multi-factor auth".

    O365-MFA2.png

     

Configuration

Next time the user signs into their email account, they'll be prompted to configure MFA. If it's not the admin account logging in, they might see a prompt to chose a recovery email address. 

 

O365-MFA3.png

 O365-MFA4.png

 

 

 

 

The user can choose from the following MFA. options: receiving a code via SMS (text), receive an automated phone call or using the Microsoft Authenticator app. 

 

O365-MFA5.png

 

 

After you complete the MFA configuration above, you'll be provided with an app password. This password is what you will use to sign into your email address with applications, like mail clients. Make sure you copy it and save it in a safe place or better yet, update your app passwords before clicking next. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

View solution in original post

BobBB,

 

Sorry for the late reply, but apparently GoDaddy "officially" supports the MFA solution that we stumbled upon earlier, and were even nice enough to make a short url that directs to it.

 

That being said, and to hopefully answer your question, by default 2FA only protects your web login. When you set up 2FA, they give you a new "app password" that will work in your desktop version of Outlook, but sort-of defeats the purpose of 2FA.

 

I don't use any of the Windows applications personally, but you might be able to set up 2FA for your desktop apps. If I wanted to try and set it up, I would read through the following link; specifically the section linked here:

https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/multi-factor-authentication...

 

I haven't tried it - and there is conflicting information online about which office 365 subscriptions support it, but a lot of it was old so I'd guess it can be made to work.

I hope you're making this high priority.  I work as a consultant for many small companies and I can't recommend this product without 2 factor. I'm currently telling one client they have to move away from this because of security considerations.  2 factor security for company email is a basic requirement for many companies and certifications. 

Agreed! This is a security issue and should be enabled ASAP. E-mail is one of the most private sets of data a user holds and to not have MFA available will ensure upon renewal that we will not re-subscribe via Godaddy. We are planning to add 5-10 more licences but this is a requirement.

When will this be ready?

 

It's absolutely crazy that you guys aren't offering this. I can't stress how much of an issue this is. People are actively avoiding coming to godaddy because of this one issue.

 

Any idea why this is taking so long? I'll be migrating my account this week as I just can't wait any longer.

We are looking to migrate out as well. Any ideas what process you used to migrate out of godaddy.

Hi - could you provide an update on this? Is TFA available now?