Configure MFA on Microsoft 365 with a Yubikey

In my last video, I spoke about configuring multi-factor authentication on Microsoft 365 using the free smartphone app - but what happens if you don’t have a smartphone? You can use a Yubikey to configure MFA on Microsoft 365.
MFA is so important for Microsoft 365 - it can reduce the chances of a hack by 99.9%. The easiest and best way to configure MFA is by using the free Microsoft Authenticator app which is installed on a smartphone.
But what happens if a smartphone isn’t available? You might be thinking, who doesn’t have a smartphone?
But the problem is if you own a business and you don’t supply your team with company-owned smartphones, then you’re asking them to install work-related apps on their personal phones.
In my experience, some people don’t want to do that and it is their prerogative.
So what is the answer?
The answer is to supply people with one of these - it’s called a Yubikey but the company is called Yubico.
It’s a small device that people can carry around with them - it can fit onto a keyring. This one here was bought from Amazon and was around £40.
Let me show you how you configure this for MFA with M365.
#microsoft365 #duo #2f
00:00 Introduction
00:33 Multifactor Authentication
01:32 Yubikey
02:00 Beginning
02:40 Download Software
03:35 Setting Up Software
--------
So who am I and what do I do?
I am an IT expert with over 20 years of industry experience across a multitude of different areas. I am the Founder & Managing Director of Integral IT. Our mission is to deliver IT services that bring real value to each and every one of our customers, no matter how big or small.
If you need IT support, we can help. We can help you wherever you are in the world; you just need an internet connection.
Contact Us Today ► hello@integral-it.co.uk
www.integral-it.co.uk/
If you have any video ideas, or if you'd like me to make a video on anything specific make sure to let me know in the comments below!

Comments: 26

  • @ragon747
    @ragon747 2 years ago

    5:30 When the code appears on the Yubico Authenticator app, you just need to CTRL+V, because once you touch the Yubikey the code is copied to memory. Very nice video by the way.

  • @eschelar
    @eschelar 1 year ago

    Excellent! As an IT guy, I actually have a policy of not allowing people to put business apps on their personal phones and devices. There is a higher tier of employee that have personal devices paid for by the company, but those are business owners... For everyone else, no. They are allowed to have skype accounts on their personal phones and other messenger apps for internal communications like "where to eat lunch", but we don't use business skype accounts (because Skype for Business was a trash fire since the day it came out), so mfa is not needed. MFA is oddly a mix of consumer product ideas with business accounts. The fact that you can't turn it off is inappropriate and horrendous policy in my books. Most of my computers are just fine with Desktop PC + land line system, but some computers can get really complicated. When we have staff that goes to visit factories for example, the user might have a laptop and a desktop. So they take their laptop with them to the factory and have to use the MFA, which is tied to the land line... back at the office.... Not a big deal during office hours, but what if the person is doing a longer trip beyond office hours. They can't log into anything properly, while a phone back at the office, 150km away rings away with nobody to answer. Stupid. Microsoft's answer to this is that we should provide that person with a phone. Great. Because they don't want to make an option for opt-in we have to pay a few hundred bucks a year and fiddle around with contracts (also, there are special fraud laws here that require phones to be connected to a human's ID card number - even more of a pain in the ass). So this USB thing is great. Of course, they have to have a free USB port on their laptop, which many laptops don't have very many of.... and occasionally break when working laptops fall and take a beating... Still the best option would be to have this opt-in. I've got a computer in my office right now that is fun like this too. 
Desktop PC, could tie to MFA by land line at the warehouse, but the warehouse is about an hour's drive away. So if I want to go set it up, it's a minimum of 2 hours out of my day. So I have them bring the computer here for me to work on... but now it's also in the wrong place. Fiddly and annoying. There's no serious risk of this computer ever getting hacked or compromised. It's barely used for much of anything outside of emails, opening PDFs and Edrawings files from the boss and R&D departments. Pretty much everything is done internally through emails and Teams. So I could also tie it to a cell phone, but the warehouse manager is often not in the office, traveling from factories and supplier factories and partner factories to warehouse and back. All of these problems have workarounds, but it's a huge hassle and none of it would be necessary if Microsoft devs/mgmt actually had a sense of all the ways computers are used in business. It's almost like they assume everyone is now just spending all their time playing on IG and FB on their phones instead of working. Microsoft is getting increasingly distanced from their actual users and then makes decisions for us that we cannot make meaningful choices about our own company policy... Disturbing trend. I'll be setting up a USB security key for that computer, similar to what you've got here, but minus the ridiculous price tag for a USB key.

  • @bearded365guy

    @bearded365guy 1 year ago

    Thanks for your comment. The world of IT isn’t always black and white!

  • @rexwithers
    @rexwithers 2 years ago

    Impressive video, clear simple. Thanks

  • @asddasd8364
    @asddasd8364 1 year ago

    I'm curious, I wonder if it's possible to use one Yubikey for multiple accounts? I.e. multiple "public use" computers that have M365 accounts and the managers having one Yubikey and being able to deal with MFA when prompted?

  • @diannewilliams3801
    @diannewilliams3801 8 months ago

    Great video! Just wondering... I had my M365 account set up with MFA using Microsoft Authenticator, I changed it to use the Yubikey, works great. Noticed Outlook on my Android phone does not prompt for authentication, shouldn't it? I tried resetting the account in Outlook on my phone and it worked fine but has never asked me to authenticate on the Yubikey?

  • @Twedymoto
    @Twedymoto 10 months ago

    Thanks for the video. Do you know if it's possible to use the key alongside the Microsoft authenticator as an additional method or is it one or the other?

  • @bearded365guy

    @bearded365guy 10 months ago

    Yes, I think you can

  • @MdImran-lt1re
    @MdImran-lt1re 2 years ago

    Very helpful video

  • @bearded365guy

    @bearded365guy 2 years ago

    Thank you

  • @MdImran-lt1re

    @MdImran-lt1re 2 years ago

    @bearded365guy Welcome

  • @dretwav
    @dretwav 1 year ago

    Too bad it won't work with the key directly but thanks for the video. At least now I have it working.

  • @Matt-so3nm
    @Matt-so3nm 1 year ago

    Hey Jonathan! Thanks for the video. What I would really like to do is enable Yubico 2FA when a password change attempt is made for an Outlook account, do you know whether this option is possible?

  • @bearded365guy

    @bearded365guy 1 year ago

    Are you using Microsoft 365?

  • @ozgurinsan
    @ozgurinsan 1 year ago

    Interesting that Office 365 doesn't support smart card login directly. I guess they want people to use their authenticator app.

  • @joelireland5477
    @joelireland5477 1 year ago

    All well and good until the Yubico Authenticator doesn't have add account

  • @otenis2008
    @otenis2008 10 months ago

    If I set up the Yubikey with the authenticator, will I be able to use it on a Windows computer without it installed to log in?

  • @bearded365guy

    @bearded365guy 10 months ago

    Yes

  • @auno94
    @auno94 1 year ago

    Thanks for the video, is there a way to do this with less user input? Where I can just distribute the right key to the right person? We have about 300 people, with half without a business phone, so I would love to do this without having to install this app and going through this setup with 150 people

  • @user-tf9sc5do6x

    @user-tf9sc5do6x 1 year ago

    Curious as to what you figured out?

  • @auno94

    @auno94 1 year ago

    @user-tf9sc5do6x Sadly not much. If you can go the FIDO2 route you can bulk import them and set them up for the users. But if you have a business that needs Terminal Server you are out of luck, as RDP does not handle FIDO2 and you have to manually activate the key for the users. So check on that, maybe Citrix doesn't have the FIDO2 issues

  • @MdImran-lt1re
    @MdImran-lt1re 2 years ago

    When is the next video coming? Can we connect and talk on social media?