This Article goes through the steps of setting up Multi-factor Authentication (MFA) for Microsoft 365.
Multi-factor Authentication adds additional authentication methods when logging into Microsoft 365. Having additional authentication methods adds extra security by preventing would-be attackers accessing your account, even if they have gained your login credentials.
The below guide will show you how to setup Microsoft Authenticator App and SMS Authentication to your account. We recommended to setup Microsoft Authenticator App as your primary method as this is the most user friendly method and use SMS authentication as your secondary (backup) method.
Set up the Microsoft Authenticator app to send notifications
On the Additional security verification page, select Mobile app from the Step 1: How should we contact you area.
Select Receive notifications for verification from the How do you want to use the mobile app area, and then select Set up.
The Configure mobile app page appears.Open the Microsoft Authenticator app, select Add account from the Customize and control icon in the upper-right, and then select Work or school account.
Note: If you receive a prompt asking whether to allow the app to access your camera (iOS) or to allow the app to take pictures and record video (Android). select Allow so the authenticator app can access your camera to take a picture of the QR code in the next step. If you don't allow the camera, you can still set up the authenticator app as described in Manually add an account to the app.
Use your device's camera to scan the QR code from the Configure mobile app screen on your computer, and then choose Next.
Return to your computer and the Additional security verification page, make sure you get the message that says your configuration was successful, and then select Next. The authenticator app will send a notification to your mobile device as a test.
On your mobile device, select Approve.
On your computer, add your mobile device phone number to the Step 3: In case you lose access to the mobile app area, and then select Next. Microsoft recommends adding your mobile device phone number to act as a backup if you're unable to access or use the mobile app for any reason.
From the Step 4: Keep using your existing applications area, copy the provided app password and paste it somewhere safe.
Note: For information about how to use the app password with your older apps, see Manage app passwords. You only need to use app passwords if you're continuing to use older apps that don't support two-factor verification.
Select Done.
Set SMS Authentication to send codes to your mobile device.
- MFA needs to be enabled by IT: If you wish to use MFA you will need to contact IT to request MFA is enabled for your account.
- Open and ‘incognito’ browser window and navigate to https://login.microsoftonline.com/
- Enter your AIE email address and password
- Upon successful login you will be presented with the following window:
- Click "Next" to proceed"
- You will be prompted to provide additional security verification, select the following:
Ensure the following fields are filled out:
Authentication Phone
Australia (+61)
Your mobile number*
*make sure you drop the first 0 (eg if your mobile is 0410 100 100, you would enter 410 100 100)- Method: "Send me a code by text message"
- Click "Next"
- If you have entered your number correctly, you will receive a SMS from Microsoft with your Verification code. Enter the code into the field and click Verify.
- IF all is successful, you will receive the following:
Set a Security Key (Yubikey)
Go to the My Account (microsoft.com) and sign in as you normally would.
Select Security Info > Update Info
Select Add Method
Select Use a security key.
Identify what type of key you have (USB or NFC) and select Next.
You will be redirected to the setup experience where you will insert or tap your key.
Create a PIN (or enter an existing PIN if you have already created one).
Take the follow-up action by touching either the button or gold disk if your key has one (or read the instruction manual to figure out what else it might be).
Name your security key so that you can distinguish it from other keys.
Sign out and open Microsoft Edge, select Use Windows Hello or security key instead, and sign in by inserting or tapping your key.
Now that MFA is enabled, you will be prompted to enter a SMS code every time you access Microsoft 365 from a new device, or periodically with a trusted device.
Related articles