Office 365 MFA Setup: Step-by-Step Instructions

Sep 16, 2019 1:55:00 PM

With 81 percent of data breaches due to weak, reused, or stolen passwords, turning on Multi-Factor Authentication (MFA) for all of your apps is necessary. In this article, we'll show you how to set up MFA for your Office 365 account paired with the Microsoft Authenticator smartphone app.

While setting up MFA is an essential step, it is only one part of a five-step comprehensive email security strategy. This blog is the 5th post of a 5-post series titled Your Complete Guide to Microsoft Email Security. The 5 steps to email security are:

  1. Configure DKIM, DMARC, SPF
  2. Deploy EOP (Exchange Online Protection)
  3. Set up Office Message Encryption
  4. Enable Office 365 ATP (Advanced Threat Protection)
  5. Enable Office 365 MFA with Authenticator App (this post)

Microsoft Authenticator App

What is MFA? Follow the link to read a quick blog about what MFA is and why you need it.

While you can authenticate by typing in a 6-digit verification code sent to your phone or email address, having to jump back and forth between tabs and apps and then type out the code is really annoying. The Microsoft Authenticator app removes this poor end-user experience.

Benefits of the Microsoft Authenticator App

  • Secure
  • Available for iOS and Android devices
  • Can approve an MFA request even if you have no cell coverage
  • Can approve an MFA request even if you have no wireless coverage
  • If you have a limited SMS Plan and have wifi, you will not be using your SMS plan to get authenticated
  • Best of all, Microsoft delivers the best MFA experience. You just need to click a button to approve the MFA request, with no need to read, remember, and type a 6-digit code

Office 365 MFA Step-by-Step Setup

Before we begin, you or your IT administrator must have enabled MFA and the Azure feature called “Users can use preview features for registering and managing security info – enhanced” before being able to follow the steps below.

Let’s get started!

  1. Go to https://office.com
  2. Click on Sign in
  3. Type your username and click Next
  4. Type your password and click on Sign in
  5. You will now be required to provide more information and start enrolling your device against your Office 365 account.
    1. Click Next on the screen that asks for more information
  6. You will now be presented with a wizard to install the Microsoft Authenticator app on your phone


Once you have downloaded the app, please make sure you allow the Microsoft Authenticator app to use your camera (if asked). If the app cannot use the camera, you will not be able to complete the setup correctly. Once the app is installed, you will need to set up your account to connect to the app.

Microsoft Authenticator QR code

Now that the app has been registered against your account, let’s validate that it has been set up correctly.


You will receive a ‘pop up’ notification from Microsoft Authenticator. You will need to press the Approve button to move forward. The nice thing is that, compared to SMS, MFA does not require you to type any number, making the process faster and easier.


If the setup is successful, you will receive the following confirmation: “Notification approved”


Now, you will set up a backup option: the normal MFA via SMS. You will be asked to enter your mobile phone number and decide if you want to have your validation done via an SMS or by having Microsoft call you.


In this example, I have chosen the SMS option. Once you receive the SMS, enter the 6-digit code and click Next.


When successful, you will see the following confirmation: “SMS verified successfully”


You are now ready to use Microsoft Authenticator as the default sign-in method.
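For administrators who want to confirm that users ended up in the state this walkthrough produces (Authenticator notification as the default method, SMS as backup), here is an added example that is not part of the original post. It assumes user objects shaped like those returned by the MSOnline module's Get-MsolUser (UserPrincipalName and StrongAuthenticationMethods with MethodType and IsDefault); the function name, status labels, and sample users are hypothetical and constructed for illustration.

```powershell
# Added example (not from the original post): summarize MFA enrollment per user.
# Assumption: input objects look like MSOnline Get-MsolUser output, i.e. they
# expose UserPrincipalName and StrongAuthenticationMethods (MethodType, IsDefault).
function Get-MfaEnrollmentSummary {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # Filter out $null so a user with no methods yields an empty array.
        $methods = @($User.StrongAuthenticationMethods | Where-Object { $_ })
        $default = $methods | Where-Object { $_.IsDefault } | Select-Object -First 1
        $types   = @($methods | ForEach-Object { $_.MethodType })

        $status = if ($methods.Count -eq 0) {
            'NotEnrolled'                 # never completed the wizard
        } elseif ($default -and $default.MethodType -eq 'PhoneAppNotification') {
            'AuthenticatorDefault'        # the end state of this walkthrough
        } elseif ($types -contains 'PhoneAppNotification') {
            'AuthenticatorNotDefault'     # app registered, another method is default
        } else {
            'PhoneOnly'                   # SMS or voice call only, no app
        }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            Status            = $status
            DefaultMethod     = if ($default) { $default.MethodType } else { $null }
            HasSmsBackup      = $types -contains 'OneWaySMS'
        }
    }
}

# Constructed sample users (not real accounts). Against a live tenant the
# equivalent call would be: Get-MsolUser -All | Get-MfaEnrollmentSummary
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@example.com'; StrongAuthenticationMethods = @(
        [pscustomobject]@{ MethodType = 'PhoneAppNotification'; IsDefault = $true },
        [pscustomobject]@{ MethodType = 'OneWaySMS'; IsDefault = $false }) },
    [pscustomobject]@{ UserPrincipalName = 'bob@example.com'; StrongAuthenticationMethods = @(
        [pscustomobject]@{ MethodType = 'OneWaySMS'; IsDefault = $true }) },
    [pscustomobject]@{ UserPrincipalName = 'carol@example.com'; StrongAuthenticationMethods = @() }
)
$sample | Get-MfaEnrollmentSummary | Format-Table -AutoSize
```

Users reported as NotEnrolled or PhoneOnly have not completed the Authenticator steps above and are the ones to follow up with.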


Congratulations! You have taken the final step in our four steps to email security series! Missed a step? Here's what you need:

For complete email security you should:

  1. Configure SPF, DMARC, and DKIM
  2. Deploy Exchange Online Protection
  3. Set up Office Message Encryption (full post coming June 2020)
  4. Enable Office 365 Advanced Threat Protection 
  5. Enable Office 365 MFA (this blog post)


Written by Bruno Lecoq

Chief Information Security Officer
