Implementing MFA is a key step to securing your business. However not all MFA is created equal. MFA is still susceptible to certain attacks, such as push bombing, social engineering, or various SMS-related vulnerabilities.
The Gold Standard for phishing resistant MFA [CISA.gov] is to use a FIDO2-capable hardware key, where the key must be physically present in order to confirm access.
Setting up your new FIDO2 hardware key with your Microsoft 365 account
If your organization has issued you a FIDO2 key, follow the steps below to get set up for secure access to your Microsoft 365 account:
- In your web browser, go to aka.ms/mysecurityinfo and login.
- Make sure you’re on the Security Info page. Click Add sign-in method.
- Choose security key and click Add.
- If you already have MFA set up, you’ll be prompted to confirm it. If not, you’ll be required to set one up; reach out to GreenLoop and request that we issue you a Temporary Access Pass that will meet this requirement.
- You will be prompted to Choose the type of security key you have. In most cases, you’ll have a USB key.
- Get your key ready, and hit Next.
- In Windows, you will be prompted to create a passkey:
- Click Ok to confirm that the request from your browser to Windows is authorized:
- Confirm again:
- Insert your key into an open USB port when prompted. Note that this does not always work with docking stations and USB hubs; it may need to be directly connected to the PC in order to work.
- If this is a brand new key, you’ll be prompted to create a security PIN. This is a hardware PIN specific to the hardware key:
Otherwise, enter your existing PIN:
- Touch your key when prompted to continue setup:
- Give your key a name.
- You’re done! You can use the hardware key to securely access your Microsoft 365 account. Keep this key in a safe place!
Using your FIDO2 hardware key to authenticate to Microsoft 365
Now that your FIDO2 hardware key is set up, follow these steps to use it to authenticate:
- Enter your username when prompted,
- You should be prompted to Sign in with a security key:
- Provide the security key (that you set up on step #11 above):
- Touch your security key when prompted:
- You’re done!