Stay Secure with Microsoft: A Quick Guide to the Latest Update

Written on the 11 October 2023 by Michael Goodwin

Important Update: Microsoft Security Defaults

Microsoft is continuously working to enhance the security of its cloud services to protect your organisation. As part of this ongoing effort, Microsoft is enabling a setting known as ‘security defaults’ in your tenant. Your tenant is like your organization’s own space within the Microsoft cloud. This includes multifactor authentication, a robust security measure that can block more than 99.9 percent of identity attacks attempting to compromise your accounts.

You will find that most applications or websites that you log in to will eventually require multi-factor authentication if they have not done so already. You have probably experienced it already with accounting software such as Xero and MYOB.

You might already have had this happen to you, but if not, it will occur shortly that when you log in to your account, you will see a message prompting you to proactively enable these security defaults. If you have not logged in or enabled this setting by the end of this timeframe, it will be enabled automatically for you.

Recommended Action Once the setting has been activated, everyone in your organisation will need to register for multifactor authentication. To ensure a smooth transition and avoid any confusion, we recommend informing your users about what to expect:

Upon signing into their account, users will see a prompt to install the Microsoft Authenticator app. They can choose to install it and follow the steps to register their account or defer the action. Please note that after 14 days, the option to defer will no longer be available.

We understand that changes like these can be challenging, but we assure you that these updates are crucial for maintaining the highest level of security for your organisation’s data and operations.

Recommended Action:

Once the setting has been activated, everyone in your
organisation will need to register for multifactor authentication. To
ensure a smooth transition and avoid any confusion, we recommend informing
your users about what to expect:

Upon signing into their account, users will see a prompt to install the
Microsoft Authenticator app. They can choose to install it and follow the
steps to register their account or defer the action. Please note that after
14 days, the option to defer will no longer be available.

We understand that changes like these can be challenging, but we assure you
that these updates are crucial for maintaining the highest level of
security for your organisation's data and operations.

MICROSOFT SECURITY UPDATE: YOUR STEP-BY-STEP GUIDE

1. Sign in to Microsoft 365 with your work or school account with your password like you normally do. After you choose Sign in, you'll be prompted for more information.

2. Choose Next.

3. The default authentication method is to use the free Microsoft Authenticator app. If you have it installed on your mobile device, select Next and follow the prompts to add this account. If you don't have it installed there is a link provided to download it. You may choose to use a different authenticator for this step.

If you would rather use SMS messages sent to your phone instead, select I want to set up a different method. Microsoft 365 will ask for your mobile number, then send you an SMS message containing a 6-digit code to verify your device.

Tip: For a faster, and more secure, experience we recommend using an authenticator app rather than SMS verification.

4. Once you complete the instructions to specify your additional verification method, the next time you sign in to Microsoft 365, you'll be prompted to provide the additional verification information or action, such as typing the verification code provided by your authenticator app or sent to you by text message.