Healthcare companies that use Microsoft Exchange are able to send HIPAA compliant email by integrating with a service such as Paubox Email Suite. But it's also a good idea to enable two-factor authentication (2FA) for your Exchange account, which may contain sensitive information. In this tutorial, you'll learn how to enable 2FA for Microsoft Exchange using Azure AD Multi-Factor Authentication.
Why you need 2FA
2FA is an extra step to confirm a person's identity before giving them access to potentially sensitive data like protected health information (PHI). While passwords can be stolen in hacks or successful phishing emails, 2FA helps prevent cybercriminals from gaining access to an account since it's unlikely that they will have the second authentication requirement.
How to enable 2FA for Microsoft Exchange
First, you need the Azure AD Premium license to enable 2FA. You'll also need to use an account with global administrator privileges to complete this action. Then you'll need to complete the following steps once you sign in:
- Select "Azure Active Directory"
- On the left-hand navigation menu, click "Security"
- Choose "Conditional Access" and then "+ New policy"
- Enter a name for the policy (Ex. Exchange 2FA)
- Under "Assignments", choose "Users and groups"
- From here, click either "All users" or "Select users and groups" if you want to enable 2FA for only select email addresses
- Click "Done"
After you've done the above steps, you'll need to configure the settings for 2FA to access Microsoft Exchange. Here's how to do it:
- In the left-hand navigation menu, look under "Assignments" and click on "Cloud apps or actions"
- Click on "Select apps"
- Choose "Select" and use the search bar to find Exchange. Once you find it, click on "Select" and then "Done"
- Go back to the left-hand navigation menu and select "Grant" under "Access Controls"
- Click on "Require multi-factor authentication"
- Select "On" for "Enable policy" to see how the configuration affects users
- Click on "Create"
People will be prompted to set up two-factor authentication the next time they try to log in. For a more in-depth explanation, check out this page in the Microsoft help center.
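The policy built by the steps above can also be written as a Microsoft Graph conditionalAccessPolicy body and checked before or after it is created. The following is an added example, not part of the original tutorial or Microsoft's own code; the function names are hypothetical, and the policy name is the one used in the steps.

```python
import json

# Well-known application ID of "Office 365 Exchange Online" in Azure AD.
EXCHANGE_ONLINE_APP_ID = "00000002-0000-0ff1-ce00-000000000000"
# includeApplications values that cover Exchange Online ("Office365" is the app suite).
COVERS_EXCHANGE = {EXCHANGE_ONLINE_APP_ID, "All", "Office365"}

def build_policy(name, group_ids=None):
    """Body for POST /identity/conditionalAccess/policies mirroring the portal steps."""
    users = {"includeGroups": list(group_ids)} if group_ids else {"includeUsers": ["All"]}
    return {
        "displayName": name,
        "state": "enabled",  # "Enable policy: On"
        "conditions": {
            "users": users,
            "applications": {"includeApplications": [EXCHANGE_ONLINE_APP_ID]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
    }

def audit_policy(policy):
    """Return the reasons a policy does not enforce MFA for Exchange Online."""
    findings = []
    state = policy.get("state")
    if state == "enabledForReportingButNotEnforced":
        findings.append("report-only: sign-ins are logged but MFA is not enforced")
    elif state != "enabled":
        findings.append("policy is not enabled")
    cond = policy.get("conditions") or {}
    apps = cond.get("applications") or {}
    if not COVERS_EXCHANGE & set(apps.get("includeApplications") or []):
        findings.append("Exchange Online is not in includeApplications")
    if EXCHANGE_ONLINE_APP_ID in (apps.get("excludeApplications") or []):
        findings.append("Exchange Online is explicitly excluded")
    users = cond.get("users") or {}
    if not (users.get("includeUsers") or users.get("includeGroups")):
        findings.append("no users or groups are assigned")
    excluded = (users.get("excludeUsers") or []) + (users.get("excludeGroups") or [])
    if excluded:
        findings.append(f"{len(excluded)} excluded users/groups bypass the MFA requirement")
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "mfa" not in controls:
        findings.append("grant controls do not require MFA")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        findings.append("operator OR lets another control satisfy the policy instead of MFA")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_policy("Exchange 2FA"), indent=2))
    print(audit_policy(build_policy("Exchange 2FA")))
```

Running audit_policy over policies exported from the tenant shows which ones are still in report-only mode or carry exclusions that leave some mailboxes without the second factor.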
Use Paubox for HIPAA compliant email security
When it comes to HIPAA compliant email, healthcare professionals need to ensure the protection of PHI sent to a recipient’s inbox. Paubox Email Suite transmits all emails with blanket TLS email encryption, an effective safeguard against a data breach because no one besides the intended recipient will be able to access the message. This enables your healthcare business to email directly to your recipients’ inboxes without violating HIPAA—no password or portal required.