Enable Microsoft 365 multifactor authentication or 2FA
what you need to know
- Go to Office.com in a browser and sign in. Select your avatar. From the dropdown menu, choose My account.
- In it Security section, select To update. On the next screen, under Two step verificationto select Turn on (either Manage if it is on).
- Choose Set up two-step verification and follow the instructions.
This article explains how to set up and use Microsoft 365 MFA to protect your data and account information.
How to enable Microsoft 365 multi-factor authentication
It’s a dangerous world, especially online, and you shouldn’t rely solely on your username and password to access critical apps and services like Microsoft 365 (formerly Office 365). To ensure that your data and account information remains safe and secure, please enable and use multi-factor authentication. Here’s what you need to know about multi-factor authentication (and its close relative, two-factor authentication) for Microsoft 365.
Now here’s how to set up multi-factor authentication for Microsoft 365:
Open Office.com in a web browser. If you haven’t signed in yet, sign in now.
Click your account avatar in the upper right corner of the window, then in the dropdown menu, click My account.
In the Security section, click To update.
In the banner at the top of the page, you should see Two-Step Verification. To start the activation process, click Turn on. If it’s already enabled, click Manage.
On the additional security options page, in the Two-Step Verification section, click Set up two-step verification.
Read all the two-step verification instructions and click Following.
There are special rules if you’re still using Windows Phone 8 or earlier. Specifically, you may need to set up a special app password, though this is unlikely to apply to you since Windows Phone 8 is an outdated model that Microsoft no longer supports.
Once you’ve enabled two-step verification, your second form of verification will default to entering a code from a text message sent to your phone. If you prefer, you can enable an authenticator app like Microsoft Authenticator, Google Authenticator, or Authy.
To do this, install the app you want to use on your phone, then click Set up the identity verification app in the Identity Verification Apps section of the page.
You can also sign in with a Windows Hello fingerprint scanner or facial recognition camera to sign in to Microsoft 365 on devices with compatible sensors (most modern Windows laptops have a form of Windows Hello installed). To activate it, click Configure Windows Hello in the Windows Hello and security keys section.
What is multi-factor authentication?
Multi-factor authentication (also known as two-factor authentication or 2FA) is pretty much what it sounds like: it’s a security scheme that requires users to provide multiple forms of authentication to log into an app. or a service. But what is a form of authentication? Security experts classify all the different methods of logging into an app or service into four general categories:
- Awareness includes information that you traditionally memorize or use a tool to store, such as a username, password, and PIN.
- Possession it is characterized as information or technology that you normally carry with you and, therefore, it is difficult for another person to access it. Examples include unique codes sent to your phone for immediate use, or a code generated by an authenticator app like Google Authenticator.
- Legacy it is generally biometric data that is for all intents and purposes unique to you, such as fingerprints, facial recognition, or voice prints.
- Location it is authentication based on knowing where you are physically (vs. where you should be) when you try to connect to the service.
In general, multi-factor authentication is any login technique that relies on two or more of them. Two-factor authentication is a special case of multi-factor authentication that only uses two types, such as a username and a one-time code. For clarity, some security experts say that multifactor authentication is defined as the use of three or more. However, Microsoft refers to its two-factor authentication system as multi-factor authentication.