Blogs about: Microsoft Teams, backgrounds, Intune, OneDrive, Exchange, Azure AD, Windows 10, Security, Tenant, Exchange, best-practice, tips & tricks

🔐 How to activate Multi-Factor Authentication (MFA) in Microsoft Office 365?

1. Why Multi-Factor Authentication?

Microsoft already wrote it in their security blog. You have 99.9 percent less chance that an untrusted person can access your Office 365 account if you don't have an MFA.

A second factor is really necessary. Hackers often already have your password in their possession.

Activating MFA to protect your identity is therefore important. If someone gains access to your mailbox, this person can also misuse your identity. It is recommended to protect not only your mailbox but also your Google Account, your Facebook, PayPal and other accounts you use.

2. What is Multi-factor Authentication?

Multi Factor Authentication (MFA) is a way of providing authentication by using an additional factor. Or multiple factors.

Something someone KNOWs such as a password or a pincode

Something someone HAS such as a mobile phone, a 'fido2' hardware token

Something that someone IS such as their Biometrics: fingerprint or facial recognition.

3. How to enable multi-factor authentication as a user - New way

Here you can set up your MFA as an end user and adjust settings. At the bottom of the page you can, as an IT-Administrator, roll out the entire organisation with MFA.

Browseto: https://aka.ms/mfasetup and open the Microsoft Multi-Factor Authentication page.

Login with your current account.


Click on next


Install the Microsoft Authenticator app on your iPhone or Android phone.


Press next


In the mobile application, select Add work or school account.


Scan the QR code


Scan the QR Code via the Authenticator App - mobile


And now a short test by Microsoft.


The activation has succeeded! Test in an inprivate browser whether everything is correct after the activation to make sure nothing went wrong.


4. Enable MFA for users - or reset current settings

Browseto: https://aka.ms/mfasetup and open the Microsoft Multi-Factor Authentication page.

Login with your current account.


Click on next

Choose authenticator app or token - Setup Authenticator App


Install the Microsoft Authenticator app on your iPhone or Android phone.

In your mobile app, press the plus at the top to add a work account


Scan the QR code you get by pressing Set Up Authenticator App


The code appears in the web browser.


Thenscan the code


Click on next.

You get a prompt on your phone click Accept.

From now on, your mobile device is known as 2nd factor. This does not necessarily mean that your IT Administrator has set policies to make this a standard from now on. But you are already ready to use MFA.

Using the Authenticator App as your primary login method

At https://aka.ms/mfaset up you can choose to give the alerts via the authenticator app or via a text message.

It is recommended to use the app as it is very user-friendly and gives more possibilities on your smartphone - and more security!

You can make this adjustment in the screen below. After you have logged on to https://aka.ms/mfasetup


Have fun with MFA!

The above guide enables users within your organisation to activate MFA themselves. Unfortunately, that is not enough. If you want to do it right, and you are an IT-Administrator, you can work with Azure AD Security Defaults.

5. Enabling location data and key agreement for Azure MFA

Enabling Location Data and Code Matching for Azure MFA with Contextual Data is a feature that allows users to add an extra layer to the validation process. More information can be found here: Enable Location Information and Code Match for Azure MFA - JanBakker.tech

6. Enabling multi-factor authentication for your entire organisation can be done in one click with Azure AD Security Defaults

Registration Multi-Factor Authentication

All users in your Tenant will need to register for multi-factor authentication (MFA)

Users have 14 days to register for Multi-Factor Authentication using the Microsoft Authenticator app.

After these 14 days, the user must not log on with MFA until registration is complete.

Enforce Multi-Factor Authentication

Secure administrators. After the above registration with Multi-Factor Authentication is complete , all Azure AD administrators will need to perform additional authentication each time they log on.

Secure all users

All users of MFA are provided with crucial to be 100% sure that all accounts are under control.

Block outdated verification!

Older Office clients that cannot use modern authentication (e.g. an Office 2010 client).

Any client using older e-mail protocols, such as IMAP, SMTP or POP3.

Block it, then.

Conditional access

Example 1: Provided that we know your device, you do not need to do an MFA.

Example 2: Provided that you work on the ip-address of our organisation you do not need to do an MFA.

Conditional access = To give access to a service on condition of.

How can you enable these Security defaults?

Activation can be done via this blog: a short explanation can be found below.

Log in to theAzure Portal as a security administrator, conditional access administrator, or global administrator.

Browse to Azure Active Directory-> Properties -> Manage Security defaults. Select Manage default security settings. Set the Enable default settings option to Yes. Select Save.

Animated image showing the number of malware attacks and data breaches organizations face every day. 4,000 daily ransomware attacks. 300,000,000 fraudulent sign-in attempts. 167,000,000 daily malware attacks. 81% of breaches are caused by credential theft. 73% of passwords are duplicates. 50% of employees use apps that aren't approved by the enterprise. 99.9% of attacks can be blocked with multi-factor authentication.

Also read30 Security blogs. Teams tips and Microsoft Teams security must-haves in 4 steps.

About the author

Tagged: , , , , , , , , Microsoft , , ,
0 0 votes
Product review
Please let us know if there are

1 Comment
Latest Most Voted
Inline feedbacks
See all comments

[DocsConfigure authentication session management - Azure Active Directory | Microsoft DocsHow to activate Multi-Factor Authentication (MFA) in Microsoft Office 365? (365tips.be) (English [...]

Would love to know your thoughts, please leave a comment.x
%d bloggers liked this: