 Why is Multi-Factor
 Securing Cloud resources
Windows Azure AD MultiFactor Authentication
Rich Client Support with
App Password
1. Logon with Username / Password
2. MFA challenge
3. Reply to MFA challenge
1-way or 2-way SMS
Phone call
Mobile Application
Azure AD
& Office 365
Microsoft Confidential
Microsoft Confidential
Microsoft Confidential
Microsoft Confidential
Microsoft Confidential
1. One-time setup: User create App Password (1 per application) through MOP or AAD
Azure AD
& Office 365
2. Rich client logon with
App Password
Admin must:
 Create a Windows Azure Authentication Provider
 Enable Multi-Factor Authentication for the users
App Password available to end-users only
 Not available for Administrative accounts
Password is automatically generated
 16 characters
A limit of 40 passwords per user
 Passwords never expire
 Set Expiration feature is schedule for a future release
Consumerization of IT
Externalization of IT
Users need access, from any device
Applications are on-premises and in the cloud
More Data, Stored in More Places
Social Enterprise
Dispersed enterprise data needs protection
Data is shared between people and applications
The traditional perimeter is rapidly eroding
IT needs continuous data protection that work across ‘classic ‘boundaries’
Use Windows Azure AD Right Management
 Out-of the box
 Integrate natively with Exchange online and SharePoint online
Integrate Office 365 with existing on-premises AD RMS
For this Office product family…
…these restrictions apply for Rights Management use
Microsoft Office Professional Plus 2013
Supported for this release.
Microsoft Office 2010
Supported for this release.
To publish rights-protected content requires
Office Professional Plus. To consume rights-protected
content, Office Standard is required.
Microsoft Office 2007
Not supported for this release.
Create an Outlook Protection Rule