What is multi-factor authentication?
Multi-factor authentication (MFA) is an electronic authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.
The pieces of evidence, or factors, fall under the following categories:
- Knowledge: something only the user knows.
- Possession: something only the user has.
- Inherence: something only the user is.
- Location: somewhere only the user is.
MFA ultimately protects the user from an unknown person trying to access their personal or professional data. It is a core component of a strong identity and access management (IAM) policy.
What is the latest news regarding MFA?
As Microsoft Dynamics GP clients move their systems to the cloud and leverage Office 365 with exchange online, organisations are progressively enabling additional security measures to secure their users credentials and data. MFA is being enabled for users online accounts and mailboxes, and in the past this created issues with processing email through Office 365 and Microsoft Dynamics GP.
One of the long-requested features is for Microsoft Dynamics GP to support emailing on mailboxes that have MFA enabled.
Clients looking to add additional security through MFA to their email accounts can now do so! There is support for MFA within the latest Microsoft Dynamics GP version when using exchange based emailing.
PA recommends planning an upgrade to the latest version of Microsoft Dynamics GP in order to get access to this new feature, and many other additions. However, if you are currently affected by this limitation in your existing version of Microsoft Dynamics GP, there are workarounds that you can deploy in order to function in the medium to short term.
It should be noted that these may have security and process implications.
What is the issue?
Previous versions of Microsoft Dynamics GP do not support emailing to an Office 365 mailbox if the user has MFA or two-factor authentication (2FA) enabled.
Who is affected?
Microsoft Dynamics GP users who want to use Office 365 for emailing from within Microsoft Dynamics GP with an account that has MFA turned on.
What is the fix?
MFA functionality was included within the 18.3 update. Microsoft Dynamics GP 18.3 (and future releases) will be the only versions that will have this functionality, as it won't be released for previous GP versions.
What are the workarounds?
Clients who have MFA turned on for the Office 365 users will need to generate an App password for each user emailing from Microsoft Dynamics GP, and use this App password when authenticating to their mailbox within Microsoft Dynamics GP.
Alternatively, you can simply turn off MFA and use Legacy authentication for the accounts that will be emailing to Office 365 from Microsoft Dynamics GP.
Note: Legacy authentication is being phased out in 2021. You can read more about this change here.
Lastly, you can switch to using MAPI based emailing instead of Exchange based emailing.
Considering a Microsoft Dynamics GP upgrade?
If you are considering upgrading your Microsoft Dynamics GP solution to combat these issues, you can find more about your options, and how and why to upgrade, here.
Other security trends for your consideration:
You can learn more about the other security challenges that we are finding within our client base, and what you can do, below: