Some background information to kick off these instructions:
- MFA or 2FA stops around 99% of hacking attempts on your online account(s)
- MFA or 2FA is free and easy to use
- You should be using MFA or 2FA on all online accounts that provide this facility, not just Microsoft 365
MFA in Microsoft 365
Your Microsoft 365 (M365) account gives you access to business data: emails, contacts, personal files in OneDrive, and business files in Teams & SharePoint. Your M365 account is a treasure trove of information, and it is a target for hackers, criminals, extortioners, thieves, etc.
Multi-Factor Authentication (MFA) is an additional layer of security for your Microsoft 365 account. Your account is secured with your username (normally your business email address) and a password (hopefully a strong password), and with MFA an additional piece of information is also needed to gain access to your account, and in turn the data stored in it.
The additional piece of information is either a code that is generated or sent to you at the point of sign-in, such as a text message, or a 'push notification' for you to approve on a device that is in your possession, such as your smartphone.
Multiple options are available with Microsoft's MFA solution. A code/prompt can be sent to you as:
- A notification sent to your smartphone to press Approve (this is the preferred, most secure method)
- A text/SMS message sent to your mobile with a one-time code
- A phone call with a prompt to press #
When PS Tech sets up M365 for your organisation, we turn on MFA for all users by default. When you sign in to your M365 account for the first time, you will be required to set up your MFA so that your account is secured. This is a simple process of installing the free Microsoft Authenticator app on your smartphone, and providing a mobile number for text message codes to be sent to.
Once set up, and once you have added your account to your devices, you will find that MFA is not a barrier and creates very little friction accessing your account. You will only be prompted to approve Sign In whenever you access your account from a new device or browser.
You will need to download and install the Microsoft Authenticator app onto your smartphone in advance. It is free from the Apple App Store or Google Play Store on your device. Just search the store for Microsoft Authenticator.
You will then need the following before you continue with these instructions:
- The Microsoft Authenticator app, successfully installed on your smartphone
- Your Microsoft 365 username (usually your email address).
- Your Microsoft 365 password.
- A smartphone with service (as you will receive a text message)
Only continue once you have these 4 things ready
- On your computer (PC or Mac), open your preferred web browser and go to: https://www.office.com
- Sign in to your account with your M365 username/email address and password
- On the first sign-in, you will be prompted for more information. Click Next
- To set up your security and keep your account secure by setting up MFA, click Next.
- On your smartphone, open the Microsoft Authenticator app. If prompted on the smartphone, Allow Notifications, then select the Plus Sign '+' to add your first account
- On your smartphone, choose Work or School account
- On your smartphone, Allow the app to take pictures and record video when prompted
- Back on your computer, click Next
- On your computer, you will be shown a QR code to scan. The camera should already be active on your smartphone. On your smartphone, point the camera at the QR code on your computer screen so that it can be scanned.
- On your smartphone, once the QR code has been scanned you should see a confirmation that this was successful. Press Got It
- On your computer, click Next
- The service will now check that it can send a notification to your smartphone.
- On your smartphone, check your notifications from Microsoft Authenticator. Press Approve when you receive the notification.
- On your computer you will see that the notification approval was successful. Click Next
- You will need to register your mobile number so that you can receive SMS message codes as a fall-back in case your Authenticator app is not available. Choose United Kingdom +44, and then enter your mobile number in the field provided. Click Next
- A 6-digit code will be sent as an SMS/Text message to your mobile. On your computer, enter the code you receive in the field called 'Enter code', then click Next
- You will now see that your mobile number for SMS messages has been registered successfully. Click Next
- The final confirmation screen should read that you have successfully registered your mobile number for SMS MFA codes and the Microsoft Authenticator app for push notifications as your two MFA methods of security. Click Done.
We just need to sign in to your Microsoft 365 account to confirm all of the security is working.
- You should see a prompt after clicking Done above to re-enter your Microsoft 365 password. Enter your password and click Sign In
- You will receive a push notification on your smartphone. On your smartphone, press Approve
- Once the notification has been approved on your smartphone, on your computer click Yes to remain signed in. If you access multiple Microsoft 365 accounts on your computer, you may want to select No
You will now be in your new Microsoft 365 account.