Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

maepcowens
Visitor 1

Setting Up a Phone/Email for a Generic O365 Account

I apologize if this has been asked; I have seen questions like this, but none point to the answer I need. The problem I am running into is Microsoft keeps wanting me to set up a phone number and/or an email address for recovery. I cannot bypass this in any way (I used to be able to). We cannot set up a phone number or email because this account is generic.

This account name is called "Board Room" (we do have an actual O365 license assigned to this account). As the name suggests, we use this account in our Board Room for meetings and whatnot. Since this change, I can no longer use Outlook, Teams, or any other Microsoft product, as Microsoft wants me to log back on with this information. The reason we cannot set up a phone number and/or email is that everyone in the company uses this account for meetings. Not sure what my options are...

My only thought is to create a distribution list and add that to the recovery email. But will they allow a distribution email to be used as the recovery email?

sansbacher
Level 5 Contributor

@maepcowens :

Probably you shouldn't be doing that - is what I imagine MS would say.

You should assign licenses to accounts that are for PEOPLE (who can use a phone, check email, and set up MFA or recovery info).

Your Board Room sounds like it should be a SharedMailbox or something, which doesn't need a License. And no one logs into it; people are given permissions to it and log into their own accounts and connect to the Shared account.

If you really need a common account for all - which is a security risk since many people have the password - then you can use a distro list as the recovery email. An email address is an email address, MS shouldn't care where it goes. But it's for recovery purposes, right? So really it should go to the ADMIN, not a distro. In case a user changes the password by mistake and forgets - now the Admin can reset the password (which they could anyway of course).

If you mean it is for MFA / 2FA, then that's one more reason not to do that. You can have multiple people scan the QR code and add the account to the Authenticator App, but shared-password solutions (like LastPass) make more sense, where the password and OTP Code are stored/generated centrally. But if your account is insecure anyway - if the password is shared with many people - then why bother with MFA?

Except if you need MFA because you're a Partner and every account needs MFA, then the point is to be secure, right? And not share passwords. Then you're back to "don't do that" 🙂

    --Saul
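
An added illustration, not part of the thread, of the reply's point about several people scanning the same QR code: an authenticator QR code carries one symmetric TOTP secret (RFC 6238), so every device enrolled from it produces identical codes and a sign-in cannot be tied to a person. The account name, issuer and device names are hypothetical, and the secret is the RFC 6238 test key, not a real one.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, urlparse

# Constructed enrollment URI of the kind an authenticator QR code encodes.
# The secret is the public RFC 6238 test key, used here only as sample data.
TEST_KEY = b"12345678901234567890"
ENROLL_URI = (
    "otpauth://totp/Contoso:boardroom@example.com?secret="
    + base64.b32encode(TEST_KEY).decode()
    + "&issuer=Contoso&digits=6&period=30"
)


def secret_from_uri(uri):
    """Extract the raw shared secret from an otpauth:// enrollment URI."""
    query = parse_qs(urlparse(uri).query)
    return base64.b32decode(query["secret"][0], casefold=True)


def totp(secret, unix_time, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def codes_for_devices(uri, device_names, unix_time):
    """Each device parses the same QR payload on its own and derives a code."""
    return {name: totp(secret_from_uri(uri), unix_time) for name in device_names}


def is_attributable(codes):
    """A code could identify a device only if no two devices share it."""
    return len(set(codes.values())) == len(codes)


if __name__ == "__main__":
    phones = ["alice-phone", "bob-phone", "carol-tablet"]  # hypothetical devices
    codes = codes_for_devices(ENROLL_URI, phones, time.time())
    for name, code in codes.items():
        print(f"{name}: {code}")
    print("codes identify a single device:", is_attributable(codes))
```
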