This article explains how to set up and use Microsoft 365 MFA to protect your data and account information.

What to Know

  • Go to Office.com in a browser and sign in. Select your avatar. In the drop-down menu, choose My Account.In the Security section, select Update. In the next screen, under Two-step verification, select Turn on (or Manage if it is turned on).Choose Set up two-step verification and follow the prompts.

How to Turn On Microsoft 365 Multi-Factor Authentication

It’s a dangerous world out there, especially online, and you shouldn’t trust your username and password alone for access to critical apps and services like Microsoft 365 (formerly Office 365). To ensure that your data and account information remains safe and secure, enable and use multi-factor authentication. Here’s what you need to know about multi-factor authentication (and its close relative, two-factor authentication) for Microsoft 365.

Here’s now to set up Multi-factor Authentication for Microsoft 365:

  • Open Office.com in a web browser. If you’re not already signed in, log in now.
  • Click your account avatar in the upper-right corner of the window and then, in the drop-down menu, click My account.
  • In the security section, click Update.
  • In the banner at the top of the page, you should see Two-step verification. To start the process to turn it on, click Turn on. If it’s already on, click Manage.
  • On the additional security options page, in the Two-step verification section, click Set up two-step verification.
  • Read all the two-step verification instructions and click Next.
  • There are some special rules if you still use a Windows Phone version 8 or older. Specifically, you may need to set up a special app password, though it’s unlikely this applies to you, since Windows Phone 8 is an obsolete model that is no longer supported by Microsoft.
  • Once you turn on two-step verification, by default your second form of verification will be entering a code from a text sent to your phone. If you prefer, you can enable an authentication app like Microsoft Authenticator, Google Authenticator, or Authy.
  • To do that, install the app you want to use on your phone and then click Set up identity verification app in the Identity verification apps section of the page.
  • You can also log in using a Windows Hello fingerprint scanner or face recognition camera to sign in to Microsoft 365 on devices with compatible sensors (most modern Windows laptops have some form of Windows Hello installed). To turn that on, click Set up Windows Hello in the Windows Hello and security keys section.

What Is Multi-Factor Authentication?

Multi-factor authentication (aka two-factor authentication or 2FA) is sort of what it sounds like: It’s a security scheme that requires users to provide multiple forms of authentication to log into an app or service. But what is a form of authentication? Security experts put all the various methods of login into an app or service into four general categories:

Open Office.com in a web browser. If you’re not already signed in, log in now. 

Click your account avatar in the upper-right corner of the window and then, in the drop-down menu, click My account.

In the security section, click Update.

In the banner at the top of the page, you should see Two-step verification. To start the process to turn it on, click Turn on. If it’s already on, click Manage.

On the additional security options page, in the Two-step verification section, click Set up two-step verification. 

Read all the two-step verification instructions and click Next.

There are some special rules if you still use a Windows Phone version 8 or older. Specifically, you may need to set up a special app password, though it’s unlikely this applies to you, since Windows Phone 8 is an obsolete model that is no longer supported by Microsoft. 

Once you turn on two-step verification, by default your second form of verification will be entering a code from a text sent to your phone. If you prefer, you can enable an authentication app like Microsoft Authenticator, Google Authenticator, or Authy.

To do that, install the app you want to use on your phone and then click Set up identity verification app in the Identity verification apps section of the page. 

You can also log in using a Windows Hello fingerprint scanner or face recognition camera to sign in to Microsoft 365 on devices with compatible sensors (most modern Windows laptops have some form of Windows Hello installed). To turn that on, click Set up Windows Hello in the Windows Hello and security keys section. 

  • Knowledge includes information you traditionally memorize or use a tool to store for you, such as a username, password, and PIN.
  • Possession is characterized as information or technology you typically carry on your person and is therefore difficult for someone else to get access to. Examples include one-time codes sent to your phone for immediate use or a code generated by an authenticator app like Google Authenticator.
  • Inheritance is typically biometric data that, for all intents and purposes, is unique to you, such as fingerprints, face recognition, or voice prints.
  • Location is authentication that relies on knowing where you physically are (compared to where you should be) at the time you’re attempting to log into the service.

In general, multi-factor authentication is any login technique that relies on two or more of these. Two-factor authentication is a special case of multi-factor authentication that only uses two types, such as a username and a one-time code. For clarity, some security experts say that multi-factor authentication is defined as using three or more. Microsoft, however, refers to its two-factor authentication system as multi-factor authentication.

Get the Latest Tech News Delivered Every Day