OATH Hardware Tokens for Office 365 & Azure MFA

If your organisation is using on-premises Azure MFA server or the Office 365 cloud service enabled with multi-factor authentication with Azure MFA, and your users do not want to use or cannot use the Microsoft Authenticator app or SMS code, then you can use OATH hardware token as the alternative authentication device.

Deepnet SafeID hardware tokens are officially recommended by Microsoft for the Azure MFA customers and Office 365 users. Millions of users world-wide are using Deepnet SafeID hardware tokens as a multi-factor authentication device.

There are 2 types of OATH hardware tokens, pre-programmed and programmable tokens, and there are 2 types of Azure AD licenses, premium and basic. You have to select the right type of hardware token according to the type of Azure AD license that you have. For technical information in details on how SafeID hardware tokens work with Azure MFA and Office 365, click here for details.

Azure AD Premium (P1 & P2)

If you have Azure AD Premium (P1 or P2) license with your Office 365 subscription (if you are not sure, then click here to find out) , then you can use one of the pre-programmed SafeID hardware tokens below. With the pre-programmed token, you can quickly enroll and deploy tokens to your entire user base without involving your users at all.

How it works
Every one-time password (OTP) token generates different and unique numbers, that is because every token is programmed with a unique piece of code called secret or seed. Pre-programmed tokens are programmed at factory, and cannot be re-programmed. Pre-programmed tokens come with a token file that contains the secrets of all of tokens. The customer's system administrator will upload the tokken file onto their service account, such as Azure AD account, and assign tokens to their users. Once a token is assigned to a user, it is ready to be used by the user without further actions.

Azure AD Basic (Free)

If you do not have Azure AD Premium license, then your users can use the programmable hardware tokens below to replace the Microsoft Authenticator app.

How it Works
Every one-time password (OTP) token generates different and unique numbers, that is because every token contains a unique piece of code called secret or seed. Azure MFA for Office 365 generates the user’s secret and provides it as a QR code. Using a programming tool, the user’s secret can be programmed into a programmable hardware token by scanning the QR code. This process is exactly the same as that the user’s secret is installed into the Microsoft Authenticator or Google Authenticator app.

You can program hardware tokens using a Windows PC or laptop with a NFC Smart Card Reader, Android phone with NFC function, or iPhone with NFC function. Once a hardware token is programmed, it works on its own. It doesn't connect to your phone or the internet in order to generate one-time passwords.