Microsoft 365 Government Mobile Login

Office 365 Government authentication (login/signin) services are designed to meet the stringent security and compliance requirements of the United States government on mobile devices.

The Federal government, State governments, Local agencies, and Tribal entities, as well as defense industry and contractors sponsored to hold controlled information, are eligible for SSO via federated authentication with other agencies. In addition to the features and capabilities of Office 365, the organizations that use Office 365 Government benefit from the following features unique to Office 365 Government logins:

• Your organization’s login information is logically segregated from customer content in Microsoft’s commercial Office 365 Services.
• Your organization’s login and authentication content is stored within the United States.
• Enable multi-factor authentication (MFA) for all government users to mitigate compromised user credentials.
• Enable Unified audit log (UAL) to enable investigation for potentially malicious actions.
• MFA token integration (Duo, Mamf, RSA, YubiKey, Okta0) to secure logins across all devices.

MSFT 365 for Government Login via MFA

In response to the unique and evolving requirements of the United States public sector, Microsoft has created Office 365 Government Multi-factor Authentication (MFA) for secure logins.

With M365 Gov MFA agencies can establish policies with the following authentication methods:

• Mobile app notification (and wearable applications, such as Microsoft’s Authenticator app on the Apple Watch)
• Mobile app verification code
• Phone call
• One-way SMS
• Hardware tokens

These methods can also be customized to some extent and enhanced with additional configurations in the Security and Compliance Center. One nice feature is Conditional Access which can stop logins from certain locations, devices, and other parameters.

CISA Best Practices for MS 365 Government Secure Login

As many governments around the world began to close their offices and move operations online around the beginning of 2020, the Cybersecurity and Infrastructure Security Agency (CISA) saw great demand for MSFT 365 by state, federal and local government.

As a result, CISA issued  a set of best practices designed to help organizations to mitigate risks and vulnerabilities associated with migrating their email services to Microsoft 365.

Multi-factor authentication for administrator accounts not enabled by default: Azure Active Directory (AD) Global Administrators in an M365 environment have the highest level of administrator privileges at the tenant level. Multi-factor authentication (MFA) is not enabled by default for these accounts.

Mailbox auditing disabled: M365 mailbox auditing logs actions that mailbox owners, delegates, and administrators perform. Microsoft did not enable auditing by default in M365 prior to January 2019. Customers who procured their M365 environment before 2019 had to explicitly enable mailbox auditing.

Password sync enabled: Azure AD Connect integrates on-premises environments with Azure AD when agencies migrate to M365. If this option is enabled, the password from on-premises overwrites the password in Azure AD. In this particular situation, if the on-premises AD identity is compromised, then an attacker could move laterally to the cloud when the sync occurs.

Authentication unsupported by legacy protocols: Azure AD is the authentication method that M365 uses to authenticate with Exchange Online, which provides email services. There are a number of protocols associated with Exchange Online authentication that do not support modern authentication methods with MFA features.

Microsoft 365 Government Login Compliance 

In accordance with Homeland Security Presidential Directive 12 (HSPD 12), MFA hardware such as YubiKeys provide high assurance login authentication for M365 Gov without compromise to help you go passwordless, and modernize multi-factor authentication and smart card deployments.

Federal Mandate

The Biden administration executive order #14028 on improving the nation’s cybersecurity release May 12, 2021, largely driven by the Solarwinds attack, set the stage for federal acceleration of zero trust architectures and multi-factor authentication (MFA).

Federal Compliance

• Manufactured securely in the United States using stringent processes and secure supply chain for trustworthy components, Yubico solutions are fully vetted and approved for sale throughout the public sector, both domestically and abroad.
  • FIPS 140-2, Overall Level 1 (Certificate #3907) and Level 2 (Certificate #3914), Physical Security Level 3
  • Validated to NIST SP 800-63-3 Authenticator Assurance Level (AAL) 3 requirements
  • DOD Cybersecurity Maturity Model Certification (CMCC) Level III compliant
  • Support for DFARS/NIST SP 800-171
  • WebAuthn/FIDO/FIDO2 compliant
  • Approved for use in DOD Non-Classified and Secret Classified Environments

NIST Compliance

FIPS 140-2 validated to meet the highest authentication assurance level 3 requirements (AAL3) of NIST SP800-63B guidelines. YubiKeys are also WebAuthn, FIDO, FIDO2, DFARS/NIST SP 800-171 and CMCC compliant, and approved for use in DOD Non-Classified and Secret Classified Environments.

Microsoft 365 Government support

24×7 support for Microsoft 365 Government extends your security and compliance with all rigorously screened US citizen support engineers.

Preserve budgets with 30% to 50% savings and use the cost savings to modernize and invest in new technologies to move your mission forward. Explore Microsoft 365 Government Support. Explore Microsoft 365 Government Support.

• Save 30% to 50% vs MSFT
• 15 minute response time
• All screened US citizen engineers
• Managed Microsoft escalations
• 20+ years MSFT product support