Our Design and Implementation of Multi-Factor Authentication Deployment for Microsoft 365 in Kyushu University

Research output: Contribution to book/report › Conference contribution


At Kyushu University, the Information Infrastructure Initiative manages a Microsoft 365 tenant for our university members. We started offering Office 365 in 2016 and migrated our university-wide email service to Microsoft 365 Exchange Online in 2018. Due to the recent outbreak of COVID-19, off-campus use of Microsoft 365 has increased, and concerns about account security arose. We discussed how to deploy Multi-Factor Authentication (MFA) to protect our users. Microsoft 365 comes with Azure Active Directory (Azure AD), which includes built-in MFA functionality. With the basic Azure AD MFA, individual users can register MFA information at any time but cannot enable or disable MFA themselves. Tenant administrators need to enable MFA for each account. For a gradual deployment, we want to allow users to enroll in MFA and register information at their convenience. In addition, we want to prevent malicious attackers from registering their own MFA information if an account has already been compromised. Such control was difficult with the basic Azure AD MFA. Since 2020, our tenant has subscribed to Azure AD Premium P2 licenses, which provide Azure AD Conditional Access. Conditional Access enables fine-grained control of MFA and other user access behavior with security groups. We designed an MFA self-enrollment and configuration system, and implemented it with Microsoft Forms, Power Automate, Conditional Access, and in-house web applications. By design, this system prohibits MFA information registration until the user self-enrolls in MFA, and requests the user to register MFA information upon the next sign-in after the self-enrollment. This is supposed to reduce the possible unauthorized registration of MFA information. We extensively discussed the implementation of various measures and the preparation of documents to counter users' troubles and complaints.
We started deploying MFA in April 2021, but we have not yet fully mandated MFA due to pushback from some executives expressing concern about the adverse effects of enforcing MFA too quickly.

Title of host publication: SIGUCCS 2022 - Proceedings of the 2022 ACM SIGUCCS Annual Conference
Publisher: Association for Computing Machinery
Publication status: Published - Mar 27 2022
Event: 49th ACM SIGUCCS User Services Annual Conference, SIGUCCS 2022 - Virtual, Online, United States
Duration: Mar 28 2022 to Apr 8 2022


Name: Proceedings ACM SIGUCCS User Services Conference


Conference: 49th ACM SIGUCCS User Services Annual Conference, SIGUCCS 2022
City: Virtual, Online

All Science Journal Classification (ASJC) codes

  • Computer Science Applications
  • Software
  • Information Systems
  • Education

