What is MFA?
MFA, or multifactor authentication, means that logging in to a system requires something in addition to your password: an extra item you possess (such as your phone) or an extra piece of information generated by it. A common example is the code sent by text message that you must enter to access a banking app or other secure platform.
How does it work?
Microsoft 365 offers several types of MFA you can add to your account to make it more secure, including the text (SMS) message method mentioned above. SMS codes can be intercepted or redirected (for example by SIM swapping), so we recommend, and this guide is based on, using an Authenticator app. In this guide we use the free Microsoft Authenticator app, but most popular ones will work: the one-time passcodes these apps generate follow a common standard, so a single Authenticator app will generally serve every system that supports one-time passcode MFA.
How to setup MFA for a user account
A PDF copy of this guide is available to download here: https://seguro.ltd/wp-content/uploads/2022/05/Setting-up-MFA-on-Microsoft-365-Guide.pdf
Get an Authenticator
This guide assumes you have installed an Authenticator app on your mobile device before proceeding beyond this step. If you haven't, you'll need to do so now; links to popular ones are:
Microsoft Authenticator
Android Store: https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en&gl=US
Apple Store: https://apps.apple.com/us/app/microsoft-authenticator/id983156458
Google Authenticator
Android Store: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en&gl=US
Apple Store: https://apps.apple.com/us/app/google-authenticator/id388497605
Login
First, open an Internet browser and go to https://www.office.com/ then click the Sign in button in the top right-hand corner.
Enter the credentials provided by your system administrator or IT team; the username will typically be your email address.
First time login
If this is the first time you have logged in to the account, you may be prompted to change your password, so that the person who created the account and/or sent you the password no longer knows it.
Enter the existing password, then enter a new password (and confirm it) that complies with your company password policy.
At the time of writing, the advice from the NCSC and NIST is to favour length over forced complexity: the NCSC recommends three or four random words joined together (for example PlaneButterCoast is considered strong), and a password should never be reused from another service.
Add MFA to your account
When logging in you should be prompted with a dialog box headed Help us protect your account; click Next to proceed.
Your browser will be redirected to mysignins.microsoft.com to start the wizard. You are prompted to install an Authenticator; assuming you have already done this, click Next.
On the Set up your account dialog box, click Next. You will be presented with a QR code similar to this one:
On the authenticator app on your mobile device, click the 3 dots in the top-right corner and press Add account.
Press Work or school account
Press Scan a QR code
Point your mobile device’s camera at the QR code on the screen.
The app will automatically register your Office 365 account in the authenticator app. Click Next on the screen and you will be prompted to try out the authentication mechanism:
You should receive a notification on the authenticator app on your device. Check that it corresponds to the sign-in you just made, then press Approve.
A confirmation message will appear on the screen to confirm the MFA approval was successful!
Congratulations! You have now used MFA!
Logging in
Now you have set up MFA for your account, you will be asked to approve your logins after entering your password:
Depending on your organization's security settings, this could be every time, every few weeks, or only when you log in from an unknown/untrusted device. If you receive an approval prompt when you are not logging in, press Deny and tell your IT team: it means someone else has your password and is trying to use it.