At Kloud we get incredible opportunities to partner with organisations who are global leaders in their particular industry.

Recently we were asked to accelerate the rollout of Microsoft’s Azure Multi-Factor Authentication for Office 365 users in the cloud throughout an enterprise organisation.

This blog is not so much focused on the technical implementation (there is an incredible amount of technical documentation provided by Microsoft that covers this) but more around what we discovered whilst accelerating the technology throughout the organisation.

Implementing Microsoft multi-factor authentication for Office 365 users is relatively straightforward; it is actually quite easy from a technical point of view.

The technical steps, as detailed by Microsoft:

https://support.office.com/en-us/article/Set-up-multi-factor-authentication-for-Office-365-users-8f0454b2-f51a-4d9c-bcde-2c48e41621c6?ui=en-US&rs=en-US&ad=US

Our approach was broken into a few key building blocks.

It’s post-enablement that I want to take the time to focus on. I hope to stimulate a few thoughts around the areas where we spent the most time, in the hope that it will help you roll this out successfully to a large user base (thousands of people!).

We endeavoured to keep this relatively simple by focusing on the Standard Operating Environment and on communicating around Azure Multi-Factor Authentication.

Let us unpack these key points in a little more detail.

The Standard Operating Environment

At this particular enterprise organisation, the majority of SOEs were running Microsoft Office 2010.

The Office 2013 device apps support multi-factor authentication through the use of the Active Directory Authentication Library (ADAL).

Therefore a key task was to ensure all the Office clients were able to support multi-factor authentication as outlined above.

As a result, a key dependency in accelerating Azure MFA was having a reliable removal and installation package for Microsoft Office, e.g. an automated removal of Office 2010 and a process for packaging any new Office 2013 plugins. It’s important to factor this time into your deployment of Multi-Factor Authentication.

If you don’t have a package that removes and re-installs the correct version of Microsoft Office you will encounter a roadblock.

Under-communicating the Multi-Factor Authentication transformation technology

I cannot stress how important the communication part actually is.

We decided to conduct a couple of waves of pilots over a short period of time. The benefit of this approach was to weed out any minor issues that might confuse the larger groups, refining our learnings as we progressed through the pilots in a healthy order.

We prioritised the following groups:

  1. Technology group (Security and End-user Computing)
  2. Executive Team (Yes we did this early)
  3. Technology IT (the whole department in one go)
  4. We targeted two Business units (around 300 users combined)
  5. Bulk Azure Multi-Factor Authentication production rollout (all remaining Business units)

We noticed a few patterns with respect to communication, all very common, detailed as follows:

In the first group,

For the Technology pilot we conducted a workshop, ensuring that they had all the relevant requirements beforehand, and stepped them through the enablement process. We find that they tend to stumble along initially and figure it out for themselves. Not a lot of noise is generated at this level and it is generally well received, which is fantastic bearing in mind that they are generally the drivers of a more secure environment.

The second group,

The Executive Team are not overly concerned and generally welcome the additional layer of security, knowing the current climate around data loss and the publicity it can generate. It’s almost as if they are relieved it has finally arrived. They have an executive support team who are agile and ready to process any communication around the technology and how to deploy it successfully.

In the third group,

In the Technology department we find much more effort goes into communicating the technology, including workshops on the how and why, but some very visible senior individuals still behave in ways that are antithetical to the technology transformation: “Do I have to add this additional step to authenticate?” The net result is that cynicism among the people goes up, while belief in the communication goes down. It’s important to spend time at this layer (over-communicate) to ensure they understand the importance of safeguarding the organisation’s data. I cannot stress how important the why is in this instance. It is at this level that having done the executive layer first is crucial, as they will have already seen the benefits of using multi-factor authentication and you will have the senior stakeholders actively engaged in the technology component.

Transformation is impossible unless tens, hundreds or thousands of people are willing to help, often to the point of making short-term sacrifices. “I know it’s a pain to click verify on the Azure Multi-Factor Authentication application, but by doing so I am safeguarding my organisation’s data.” They get this revelation by understanding why they are doing what they are doing, the very essence of communication.

Employees will not make sacrifices, even if they are unhappy with the status quo, unless they believe that useful change is possible. Without credible communication, and lots of it, the hearts and minds of the team are never captured and you run the risk of another failed transformation project.

In more successful transformation pilots, we used all existing communication channels to broadcast the technology transformation. Our guiding principle was simple: Use whatever we can to communicate why Multi-factor authentication is critical to the organisation and how it will take place.

Perhaps even more important, most of the successful pilots of this change learned to “walk the talk.” Communication comes in both words and actions. Nothing undermines change more than behaviour by important individuals that is inconsistent with their words.

Where we landed

The technology component is relatively straightforward; the challenge lies in user adoption. Spend most of your time in this space and over-communicate, so people understand why you are making the leap forward! Your data will be all the safer for it.
