Securing Office 365 and Azure with branded login

With the popularity of Office 365 and Azure, its no surprise that hackers try and target the customers of those services with a variety of phishing scams. One of the most common ploys is to to send an alarming message that says you need to “Log In NOW!!!” or you’ll lose access. Other variations want you to click links to verify your login information, respond to a security alert, etc.

Most of these emails have one goal – getting your login information so they can hack your account — so they can retrieve sensitive company information, install malware, send spam from your email account, or in hopes your email password is also your password for other services and applications. Many send you to a fake website that looks amazingly close to the standard Microsoft login page.

One simple way to combat these attempts to get user information is to ‘brand’ your login page for Office 365 and Azure. When you brand your login page, instead of the standard (and therefore easy to duplicate) Microsoft page, you’ll get a login page unique to your company. For example, our login page looks like this:

Hopefully, the first thing you notice is that the page doesn’t look anything like the standard Microsoft login page.

More importantly, its unique to our business… which means we’ve been able to tell our users that if they click and link and are directed to a sign-in page that DOESN’T look like our page — don’t trust it and don’t sign in. Its a nice way to help protect our users and our business — and our customers. And, I think it also helps us look just a little more professional.

Branding your Office 365

What can you ‘brand’?

Here is what you can brand:

• Background image – This is just what it sounds like. The image needs to be 1920x1080px and less than 300kb. We recommend choosing something that reflects your business or industry. We chose a royalty-free image from the web that we feel reflects the imagery in our business cards and logo. Keep in mind that whatever you choose, part of the image will be blocked by the actual login dialog.
• Banner logo – This is an image that appears at the top of the sign-in dialog and should be a 280x60px image. In most cases, this is going to be your business logo – which is what we used.
• Sign-in page text – Add custom text to your page. This is great for company policy notifications. We chose to remind people in our company that we can (and do) monitor their use of Office 365.
• Username hint – This is used to help people identify their sign-in name. I’m not a big fan of this one, since it potentially tells bad guys the format of your user names or other info they may use for nefarious purposes.

To update the branding, you’ll need to be a Global Administrator of your Azure AD. If you can’t perform these steps, your aren’t. If you are a customer of Tellus Consulting, get our help.

To add your branding to Office 365

1. Sign in to the Office admin portal at https://admin.microsoft.com with your Office 365 email address.
2. Select Show all.
3. Under Admin centers, select Azure Active Directory (and enter your credentials again).
4. In the left-hand menu, select Azure Active Directory.
5. Select Company branding.
6. Under Locale, select Default. (You can also add localized versions of the branding.)
7. Next to Sign-in page background image select the background image you want.
8. Repeat step 7 for the Banner logo.
9. Add some Sign-in page text that is specific to your organization. You can add some basic formatting – check the page Add branding to your organization’s sign-in page – Azure AD | Microsoft Docs for examples.
10. Don’t forget to select Save.

Need some help?

If you need some help adding branding to your Microsoft 365, give us a call. If you are a Tellus Consulting Office 365 subscriber, making updates like this is included in your subscription — you’ll still have to provide your own images though of course