How to Set Up O365 Multi-Factor Authentication

Framework IT recommends that all clients enable 2-factor authentication for your company in O365. This adds an extra layer of security to your account by asking you to verify your identity when you enter your username and password. 

1. For pre-enrollment, navigate to https://aka.ms/MFASetup

     1a. For normal login, navigate to https://portal.office.com

2. Enter username (Email address) & password

3. Click Next to continue w/ the setup

MFA Setup 

Step 1 (Required): Choose your default method of communication. You can choose between:

  • Authentication phone (usually mobile)
  • Office phone (usually offline line)
  • Mobile app (Microsoft Authenticator app)

The Authenticator App is preferred. Download the app for your phone:

  1. Choose “Authenticator App” and click “Configure”
  2. Install the Microsoft Authenticator app on your phone
    1. Android
    2. iPhone
  3. Once installed, open the app:
    1. Choose “Authenticator App”
    2. Choose “Add Account”
    3. Work or school account
    4. Scan the QR code on your computer screen
    5. Enter the code given to complete the process

Next, we will choose Authentication phone, and fill in the appropriate fields to continue using our mobile phone number:

Then verify the code sent to you:

During the process, if presented with an initial app password, please save & document for later use (if needed). Click Done. If not prompted that’s okay, instructions at bottom to obtain later:

Step 2: Configure other methods by following the steps (Recommended)

You’re able to change your preferred DEFAULT method at the top at any time but the app is preferred:

The other options circled in green you can enable and configure by following the steps in orange 1-4. It is advised to configure these, so you have multiple options when authenticating!

After setting up multiple methods including the “Authenticator” app, you will save and verify before being redirected to your Windows Azure profile screen to review & adjust settings as needed:

The new Sign-in process will look like this:

Receive text message with code to enter and authenticate back into the MFA portal:

It will use your default method first, if you prefer to change the default method, go here and change it.

**Note: Some applications do not support MFA – such as Apple iOS’s native Mail app. These applications require what’s called an App Password**

App passwords are secure, random 16-character codes that gives an app or device permission to access your Office 365 account, which bypasses the MFA requirement.

Each MFA authentication per app is good for UP TO 90 days. Here’s some things that could force you to re-authenticate:

  • If you sign in and out again in Office clients
  • Don’t login for 14 days on that device
  • Change your password
  • Administrators can apply conditional policies to restrict the resource the user is trying to access
  • Swap between Office 365 accounts

Do you have more questions on IT security? Click here to connect with one of our security specialists.