Microsoft Office 365, Multi-factor Authentication, and maestro*

WHat is Multi-factor Authentication?

With the rise in cases of cybercrimes, indentifying ourselves by only using a password is not enough. Considering the various hacking attempts on email accounts and to make sure your Cloud files stay secure, Microsoft offers a Multi-Factor Authentication (MFA) access to your accounts. This ensure that an Office 365 user who wishes to open Outlook (whether through the application or web browser) must enter their password AND another validation factor (often a code from the Microsoft authentication app sent to the user's phone number).

The MFA allows the authentication of a person using at least 2 of the following 3 factors:

• something the person knows (usually a password);
• something the person owns (usually a phone);
• or something the person "is" (using biometrics).

For more information on how to set this up, please refer to Microsoft's Documentation.

 

maestro* - Emails

Microsoft, through Office 365, offers multi-factor authentication. This means that an Office 365 user wanting to open Outlook (application or web) will have to enter his or her password and another validation factor (often a code from the Microsoft authentication application on the user's phone).

Maestro offers two ways of sending emails; directly through the Outlook application, or by using a simple mail transfer protocol (SMTP):

• If a user is set up to use Outlook, there won't be any problems since the application will already be open and the multi-factor authentication will already be confirmed. If that is not the case, a message will be displayed, asking the user to identify themselves using a second indentification factor.
• However, if we use SMTP, only recognized sites are allowed to send emails using Office 365, once the MFA is activated. We therefore stop pirate apps from using your email account for spamming and phishing. It thus becomes impossible to send emails through maestro*.

Although there are exceptions, the following generalization can be made: maestro* (installed on physical hardware) = Outlook is used maestro*CLOUD = SMTP is used

To know which email software is used, open the General Settings maestro* > Maintenance > General Maintenance > Processing > General Settings, General section, Mail Software field, (SMTP, Outlook, or other values).

 

Knowing that many legitimate applications such as maestro* exist, Microsoft Office 365 offers two different solution paths to re-activate the transmission of emails from maestro*:

 

IP Address Authentication

All emails sent using maestro* go through your environment's SMTP service. This service is usually installed on the server and has a unique IP address. This address must be identified in Office 365.

An additional package is required by Office 365 to use the IP address method.

Add the service's outgoing IP address (maestro*) to the Office 365 configuration to enable sending via SMTP WITHOUT MFA. This does not require any changes to maestro*.

For more information, please read Microsoft's Documentation.

For maestro*CLOUD users, the current IP address is 199.16.112.2. No changes should ever be made to this address; if ever it were to be modified, you will be informed by email.

 

Special Office 365 Password

Another alternative is to generate Apps passwords for each user whishing to send email via SMTP. The generated passwords will replace the Office 365 password for each user and should be put in place of the SMTP password for each user in maestro*. Sending via SMTP will work for these users WITHOUT MFA.

Please refer to Microsoft's Documentation for more information on how to create this password.

There are two options in maestro* in which we can note this password:

Preferences

maestro* > Maintenance > General Maintenance > Processing > Preferences

Security Management

maestro* > Maintenance > General Maintenance > Processing > Security Management

 

Last modification: September 20, 2024