Enable Office 365 MFA and be safe

Quick guide for Office 365 MFA. Includes admin and user tasks in brief.

Admin: Enable Office 365 MFA

  1. Go to Admin Portal 
  2. Users – Select the user
  3. Open the Office 365 MFA option in the user properties
  4. Select user(s) again and click the Enable button
  5. That’s it. Now it is the user’s turn to take the next steps

User: Enable Office 365 MFA – first time only

  1. Open a browser in incognito / InPrivate / private mode
  2. Go to https://portal.office.com
  3. Login as usual.
  4. Click Next in the Additional Information dialog
  5. Now there are many options and this can be a confusing step
  6. Open the dropdown, choose Mobile App, and then choose the Receive Notifications for Verification option

    Choosing the Mobile App authentication option

  7. Click the Set Up option. After some processing, it will show a QR code
  8. Now it is time to download and install the Microsoft Authenticator App on mobile (Android and iOS)
  9. Open the app and from the top right menu, choose Add Account – Work or School Account
  10. Scan the QR code
  11. Now it will register the account on the mobile and you will see a 6 digit code which keeps changing every 30 seconds (does not require internet connection)

    Mobile account registered showing authentication code

  12. Now click Next on the browser side.
  13. You will now receive a notification on the mobile phone.
    Choose the Approve option.

  14. Now the MFA is configured.
    Please note, the displayed 6 digit number is NOT REQUIRED to be entered anywhere. This is because we are using the Receive Notifications for Verification option.
  15. In the next step, it will ask for another number for verification in case you lose your mobile. Add a different number here. Click Next.
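
Why the 6 digit code in step 11 changes every 30 seconds and needs no internet connection, as an added example that is not part of the original guide: it assumes the app's code is a standard RFC 6238 TOTP (HMAC-SHA1, 30 second step), computed only from the secret carried in the QR code and the phone's clock. The secret below is the constructed RFC 6238 test key, not a real account secret, and `verify` is a hypothetical server-side check.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32: str, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Compute the RFC 6238 code (HMAC-SHA1) for a given Unix time."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    key = base64.b32decode(padded)
    counter = struct.pack(">Q", unix_time // step)  # number of the 30 s window
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                         # dynamic truncation, RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32: str, submitted: str, unix_time: int,
           drift_windows: int = 1, step: int = 30) -> bool:
    """Hypothetical server check: accept the current window plus or minus
    drift_windows (clock skew), comparing in constant time."""
    ok = False
    for w in range(-drift_windows, drift_windows + 1):
        expected = totp(secret_b32, unix_time + w * step, step)
        ok |= hmac.compare_digest(expected, submitted)
    return ok


# Constructed sample: the RFC 6238 test key, Base32-encoded as a QR code would carry it.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    import time
    now = int(time.time())
    code = totp(SAMPLE_SECRET, now)
    print("current code:", code, "valid for", 30 - now % 30, "more seconds")
    print("accepted by server check:", verify(SAMPLE_SECRET, code, now))
```

Because both sides derive the code from the same secret and the current time, anyone who obtains the QR code can generate valid codes, so the QR code should be treated like a password.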

Special password for Outlook and Skype for Business

The Outlook client and Skype for Business (SFB) do not support MFA. Your regular account password will stop working as soon as MFA is configured. Outlook will keep asking for your password and your regular password will not work. Now you have to use a special password.

That is the one shown to you in the next dialog as Step 4. Copy that password and use the same password for Outlook and SFB. Use one password for laptop and one for desktop / mobile, etc.

If you use any ActiveSync client on mobile, that will also require a password. Technically you can use this password, but it is better to create another one.

How to do that? Go to Portal.Office.com, click on your photo, go to My account – Security – You will see a Create App Passwords option. Create a new one from there and use it.

User: Regular Office 365 MFA login

From now on, MFA is enabled. Log in using two steps:

Step 1: Log in using your user ID and password as usual.

Step 2: Immediately, you will receive the Approval notification on mobile.

Congratulations

The chances of your account being hacked are now reduced by 99%.

Share this with everyone you love and make their digital lives also safer.

Comments? Suggestions? Wish list?