As is well known, Office 365 is one of the most popular applications in the business world, where companies store their information, communicate between workers and more. This shows how important it is to protect this application against diverse attacks.

Mario Moreno

IAM Engineer

October 11th, 2021

With this information in mind, the biometric option is being implemented through Windows Hello for Business hand in hand with MFA from Okta. This combination of factors creates a unique user experience that also strengthens user security.

One of the solutions that has been found, and that was mentioned in the last article, is the security method known as Multifactor Authentication (MFA). It is an effective countermeasure against password and identity attacks, and it is one of the Okta products that has been in high demand in recent years. In addition to MFA, biometrics is an innovative factor that increases security very effectively.


Seamless authentication experience

It is well known that Microsoft Azure Active Directory has good support for third-party MFA through custom controls. Okta MFA integrates seamlessly with federated Office 365 application instances. This MFA integration with Office 365 offers a great experience that extends to a large number of applications or services connected to the federated domain.

We can visualize two authentication experience scenarios with MFA: Azure AD Conditional Access and Windows Hello for Business enrollment. With these, a friendly and effective authentication experience is achieved.

Azure AD conditional access

If you want to use Azure policies in Office 365 applications and have Okta handle the MFA requirements, the integration between the two platforms makes this possible. Administrators can configure policies with Azure AD Conditional Access to enable step-up authentication in Microsoft apps. For example, say you configured an Azure AD Conditional Access policy to request MFA when the user moves from an on-network zone to an off-network zone. In this case, the request would originate in Azure, not through Okta.

Windows Hello for Business

Windows Hello requires Azure MFA for initial enrollment. For organizations already using Okta MFA for other sites, another MFA prompt can be a confusing experience for users accustomed to performing Okta MFA. The Okta integration passes an Okta-generated claim to Azure AD stating that authentication has been verified. Each time the end user successfully logs in with Okta MFA, they will be able to enroll in Windows Hello for Business through the Okta workflow with a single MFA prompt.
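To make the claim hand-off concrete, the following added example (not code from this article, Okta or Microsoft) inspects a federation token for the MFA claim. It assumes the claim type and value that Microsoft documents for MFA performed by a federated identity provider; the sample assertions are constructed, unsigned and trimmed to the attribute statement.

```python
import xml.etree.ElementTree as ET

# Assumption: claim type/value Microsoft documents for MFA done by a federated IdP.
AMR_CLAIM = "http://schemas.microsoft.com/claims/authnmethodsreferences"
MFA_VALUE = "http://schemas.microsoft.com/claims/multipleauthn"
SAML11 = "{urn:oasis:names:tc:SAML:1.0:assertion}"
SAML20 = "{urn:oasis:names:tc:SAML:2.0:assertion}"

def extract_claims(assertion_xml):
    """Map claim type -> values for a SAML 1.1 or SAML 2.0 assertion.
    The token's signature must already have been validated elsewhere."""
    root = ET.fromstring(assertion_xml)
    claims = {}
    for ns in (SAML11, SAML20):
        for attr in root.iter(ns + "Attribute"):
            if ns == SAML11:  # SAML 1.1 splits the claim type into two XML attributes
                ctype = "{}/{}".format(
                    attr.get("AttributeNamespace", "").rstrip("/"),
                    attr.get("AttributeName", ""))
            else:
                ctype = attr.get("Name", "")
            values = [v.text.strip() for v in attr.iter(ns + "AttributeValue") if v.text]
            claims.setdefault(ctype, []).extend(values)
    return claims

def idp_asserted_mfa(assertion_xml):
    """True only if the IdP explicitly stated that MFA was performed."""
    return MFA_VALUE in extract_claims(assertion_xml).get(AMR_CLAIM, [])

# Constructed sample: the IdP reports a password-only sign-in.
PASSWORD_ONLY = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
 <saml:AttributeStatement>
  <saml:Attribute AttributeName="authnmethodsreferences"
                  AttributeNamespace="http://schemas.microsoft.com/claims">
   <saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

# Constructed sample: same token with the MFA value added by the IdP.
WITH_MFA = PASSWORD_ONLY.replace(
    "</saml:Attribute>",
    "<saml:AttributeValue>" + MFA_VALUE + "</saml:AttributeValue></saml:Attribute>")

if __name__ == "__main__":
    for name, token in (("password only", PASSWORD_ONLY), ("with MFA", WITH_MFA)):
        print(name, "->", idp_asserted_mfa(token))
```

A token without the MFA value is the case in which the user can expect a further MFA prompt from Azure, so this check is useful when troubleshooting double prompts or auditing that the Okta sign-on policy really enforces MFA.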

Trust in Okta

A large number of organizations rely on Okta to protect their identities and provide access from all their devices, to any of their applications, from anywhere. Through integrations and built-in features, Okta extends security and ease of access to Office 365 applications through Windows Hello and Azure AD Conditional Access.

IT administrators benefit from having less complexity (fewer tickets) and organizations benefit from this investment by generating a great user experience. End users can log into their applications with a streamlined workflow.  

With all this in mind, Office 365 security is paramount for companies that use it as an essential product in their day-to-day business. This article is intended to raise awareness of the importance of protecting information and to encourage use of the tools described in it.

