We just rolled out Multi-Factor Authentication, reorganized authentication settings for agents and contacts, and made asset updates faster with inline edits and bulk actions.
A couple of months ago, we introduced Desk365 Premium with a set of advanced capabilities designed for teams with sophisticated workflows. Custom password policies were part of that release. Since then, we’ve gone further in building out Multi-Factor Authentication (MFA) and strengthening our authentication capabilities to make sign-ins more secure for both agents and end users.
As we roll this out, it became clear that features like MFA and password policies are essential for businesses to stay secure. How users authenticate, how access is controlled, and how security is enforced are critical for every helpdesk. And that’s not something we want to gatekeep.
So instead of limiting these to higher-tier plans, we’ve made them available to all Desk365 customers on any paid plan – Standard, Plus, or Premium.
This means every helpdesk now has access to stronger authentication methods, role-based controls, and more secure access management without needing to upgrade.
Here’s a breakdown of what’s being rolled out and how you can use these upgrades.
Multi-Factor Authentication across all plans
Desk365 supports Multi-Factor Authentication (MFA) for both your agent portal and your customer support portal. MFA adds a second verification step on top of a password, significantly reducing the risk of unauthorized access even if credentials are compromised.
- Authenticator apps: Agents and contacts verify using a time-based code from Microsoft Authenticator, Google Authenticator, Authy, etc. This is the primary method.
- Email OTP: A one-time password is sent to the user’s registered email. Acts as a backup method. OTPs are valid for 10 minutes.
When both methods are enabled, users can choose their preferred option at login. Configure MFA separately for agents and contacts from Settings > Security and Compliance.
How to enable:
Go to Settings > Security and Compliance > Agent Authentication > MFA (or Contact Authentication for the support portal). Toggle on Authenticator App, Email OTP, or both, then choose when the policy takes effect, immediately or on next login
Setting up MFA: what the experience looks like
a. Configure – The admin turns on the desired method and sets an issuer name, the label that appears inside the authenticator app to identify the account (e.g. “RTX – Support Portal”).
b. Enable – Admins choose to apply the policy immediately (all active sessions end, may take up to 30 minutes) or on next login (current sessions continue uninterrupted).
c. Authenticate – After entering their password, users scan a QR code with their authenticator app. A manual key is also displayed if scanning isn’t possible. The app then generates a verification code to complete the setup.
d. Save – Each user receives 10 one-time recovery codes for when they lose access to their authenticator app. These can be downloaded or copied and should be stored securely. If users lose access to their saved recovery codes, they can request new recovery codes from an admin. To prevent repeated or spam requests, recovery code requests are limited to once every two hours.
Role permissions for MFA management
Not every agent role can manage MFA settings. Access is controlled by two explicit permissions:
- Access to Agent & Contact Authentication: View and modify authentication settings, enable or disable MFA, configure portal login options, and manage password policies.
- Access to Agent Recovery Code and Reset MFA: View recovery codes for agents and reset MFA, essential for helping agents regain access if they’re locked out.
Important to note: MFA applies only to email and password logins, not to Microsoft Entra Single Sign-On sign-ins, which handle their own authentication.
In a world where stolen credentials are one of the most common causes of account breaches, MFA adds a critical second layer of verification, so even if a password is compromised, unauthorized access is stopped in its tracks.
Desk365 has long supported Microsoft SSO as a secure sign-in option for agents. We’re extending that same commitment to security to email and password logins, giving every user a robust, verified path into your helpdesk.
Learn more about setting up multi-factor authentication in Desk365.
Agent authentication settings, centralized
Agent authentication is now a dedicated settings area that consolidates everything related to how your agents sign in and stay signed in. Only admins or agents with the appropriate permission can access this area.
Settings > Security and Compliance > Agent Authentication
The page is organized into four sections, each controlling a distinct part of the agent login experience:
- Portal Access: Determines whether agents log in with email and password, Microsoft Entra Single Sign-On or both. To change the sign-in method, contact Desk365 Support to ensure it’s configured securely.
- Multi-Factor Authentication: Enable authenticator app, email OTP, or both. When both are on, agents choose their preferred method at each login.
- Password Requirements: Set minimum length, complexity rules, expiration periods, and reuse restrictions to enforce consistent password standards. Learn more.
- Session Configuration: Control how long agents remain logged in before being automatically signed out. Shorter timeouts reduce risk from unattended or shared systems.
Best practice : Enable MFA for all agents, enforce passwords of at least 8–12 characters with complexity requirements, set a session timeout appropriate to your environment, and use Microsoft Entra SSO for centralized identity management where possible.
Contact authentication for your support portal
Just as agents have a dedicated authentication settings area, contacts now have their own. This lets you define exactly how end users sign in to your support portal, separately from how your team does.
Settings > Security and Compliance > Contact Authentication
- Portal Access: Choose from three sign-in modes: allow both Microsoft 365 and email login, restrict to Microsoft Entra Single Sign-On only, or allow email and password only.
- Multi-Factor Authentication: Protect portal logins with authenticator app or email OTP. Note: if a contact signs in via Microsoft, MFA is managed by Microsoft, Desk365 MFA settings apply only to email-based logins.
- Password Requirements: Enforce consistent password standards across all contact accounts.
- Session Configuration: Define how long contacts stay logged in before automatic sign-out, especially useful for portals accessed from public or shared devices.
Password policy and session configuration, clarified
Desk365’s password policy settings have been refined to make navigation and configuration clearer.
Here’s where everything lives:
For agents
Security and Compliance > Agent Authentication > Password Requirements. Then set session timeout at Agent Authentication > Session Configuration.
For contacts
Security and Compliance > Contact Authentication > Password Requirements. Session duration is set at Contact Authentication > Session Configuration.
For both agents and contacts, you can configure minimum password length, complexity requirements, expiration periods, and reuse restrictions. Session configuration, available as a separate tab, lets you define an inactivity timeout to reduce risk from long-running sessions.
Learn more about configuring custom password policy in Desk365.
Support portal access configuration, simplified
We’ve moved the portal access settings to a more intuitive home. What was previously tucked inside the support portal configuration page now lives under Contact Authentication > Portal Access, where it makes more sense alongside your other authentication controls.
Inline editing and bulk actions in the asset list
Managing assets in Desk365 just got significantly faster. You no longer need to open each asset individually to update common fields. Several key properties are now editable directly from the asset list view.
The following fields now appear as editable dropdowns directly in the asset list:
- Impact: Update the impact level of an asset without opening it.
- Location: Reassign an asset’s location directly from the list row.
- Managed By Group: Change which group is responsible for an asset inline.
- Managed By Agent: Update the assigned agent for an asset without a full open-and-edit cycle.
Bulk actions in asset and software lists
Select multiple assets simultaneously and apply changes in bulk:
- Assign Group – Move multiple assets to a new managed group in a single action.
- Assign Agent – Reassign several assets to a different agent at once.
- Update Location – Apply a location change across a batch of assets simultaneously.
The same inline editing and bulk action capabilities are now available in the Software List as well, so you can manage software records with the same efficiency.
Learn more about setting up asset management in Desk365.
Our support team is here to help you configure MFA, set up authentication policies, and get the most out of the new asset management features. Reach out to us or explore the detailed help articles linked from each settings page.
AI Agent
Asset Management
Knowledge Base
Automations
SLAs
Customization
Ticket Assignment
Reports & Analytics
Approval Management
Helpdesk Security
Explore All Features
Banking and Finance
Healthcare
MSP
Government 
Non Profit
IT Services
Customer Support
Human Resources
Facilities
