Last month, users of Microsoft cloud services such as Office 365 were given the option to try a new sign-in experience. At Amaxra we opted into this new sign-in on our own Office 365 deployment since the new sign-in is planned to go live as the default experience for all users the last week of September. We wanted to be able to advise our customers on how the new experience affected them—and what they should do to prepare for this change. Our learnings are shared below.
Why is Microsoft changing how I sign in?
Change is only good when it makes life easier for you. But some businesses get concerned when Microsoft changes any facet of their products – especially without warning. The criticism comes mostly from larger enterprises who like to manage any changes since they then have to support many more employees on new processes related to the update. But rather than "a change for change's sake," Microsoft is making improvements to their public cloud infrastructure that enhances customer security and ease of use. At a high level, this means all Microsoft cloud services will have a single, secure sign-in experience.
Before the update, Office 365 users who had personal accounts at home along with a business or academic account had to use completely different sign-in pages. This experience was jarring at best, confusing and slow at worst. With this update comes a single, consistent sign-in page no matter what type of Office 365 account you use. It also enables new forms of authentication for your business such as phone sign-in and certificate-based authentication.
What does the new sign-in look like?
The new design prompts you to enter your username on the first screen followed by a credential (typically a password) on a second screen. Microsoft says this was based on extensive user testing resulting in "a notably higher success rate using this approach."
If your business has an Office 365 account without any of your corporate branding, the new sign-in screen will look like this – gone is the picture of the traffic light in Malibu:
Businesses that have customized their Office 365 sign-in screens will see their custom picture as the main screen:
and when signing into Office 365 using a smartphone, the new experience now is much cleaner:
While we're on the subject of using a smartphone, this update also enables businesses to more easily introduce secure new forms of authentication such as phone sign-in. At Amaxra, we use this method to implement two-factor authentication for whenever we access our Office 365 environment to access or to access documents stored in the cloud via OneDrive for Business and SharePoint. Two factor authentication requires an extra device, usually a phone, so the user can confirm it really is them. It's much harder for somebody who shouldn't be accessing your environment to gain entry if a phone is also required to gain access.
What to do next
At the time this post was written (early September 2017), the updated Office 365 sign-in experience was only available as a technical preview. Since the technical preview was first announced in August, our CIO moved us to the new experience and we've had no major issues. We were pleased that our corporate branding and custom photography we added to our previous sign-in page carried over to the new update.
However, we have heard from some of our industry peers that custom code to automate sign-ins doesn't work in the new experience. The reason is because the sign-in is now done over two screens and therefore the previously-automated steps for one screen no longer applies. We recommend any companies that implemented automation to their cloud sign-in process opt in immediately on a few Office 365 accounts to test it out. Especially since by the end of this month you're going to get the new sign-in experience anyway. You may also want to review why you are automating user access to your cloud-based data and apps. In today's world, vigilance is required to avoid security breaches and the sign-in screen is a common attack surface for hackers. As a matter of fact, when Microsoft first offered the new sign-in experience as a technical preview, some Office 365 administrators feared the "try our new sign-in experience" opt-in link that suddenly appeared on their sign-in pages was a phishing scam.
If you have any question about how to opt into the new Office 365 sign-in experience, become a future early adopter on other new features, want help with
deployment, or just want to know more about our services, then connect with one of our experts today.
Contact me at Rosalyn.firstname.lastname@example.org or call 425 749 7471 if you have any questions or comments on this blog.