Once your Account enabled MFA/2FA, first-time sign-in required to add information for account secure
Step1: Sign-in Webmail (https://portal.office.com)
Click Next
Step 2: Enter your Phone Number for verification
the select method is "Send me a code by text message" and click Next
Step 3: Verify your phone number with SMS code
you will receive SMS with 6-digit number for verification
Step 4. Your App Password
This is app password for some applications may not verify by SMS, so you need to use this password for sign-in. (e.g. Thunderbird Pop3/Imap, Rainlendar and Old Version Outlook 2013 and 2010)
You can Ignore it without record this password, later you can create a new one, but you can't retrieve this password.
If you are using Outlook 2013 or 2010, please record this password, your outlook will pop-up and you required this password for access email.
Click Done
MFA / 2FA was done!
- First time when you open Outlook and Webmail you need MFA to verify by SMS
- Your Mobile may popup 3-4 times for SMS verify because you need to verify all the Office 365 login such as Outlook, Microsoft Teams, Onedrive, and Sharepoint. When it automatically popup ask few times for MFA SMS, you can't identify which SMS verification code for which apps. So you may need to sign out and sign in to verify the app's individual.
- Some application may popup request new password, but that the application does not support MFA, that means you will receive SMS verification code, but your apps is no area to enter the verification code, then you will reject by login processing, so you need to refer the Step4. and using Additional Apps Password for sign-in.
Additional Link
User Profile
https://account.activedirectory.windowsazure.com/r/#/profile
Change Password
https://account.activedirectory.windowsazure.com/ChangePassword.aspx
Additional security verification
https://account.activedirectory.windowsazure.com/Proofup.aspx
App Passwords
https://account.activedirectory.windowsazure.com/AppPasswords.aspx
Step 1: Sign-in your office 365 account
Step2: Goto App Passwords Page
https://account.activedirectory.windowsazure.com/AppPasswords.aspx
You can't retrieve the created password, you can create a new and delete the old one.
Step 3: Create a new App Password
Let say this password for thunderbird, just give it a name for the password
Remark:
This password after create and close the screen, you can't retrieve back the password, the only way is create a new password. So we are strongly recommended don't record this password on mobile/paper. If you record this password for next time using, this will break the MFA
Under Construction
For Enable MFA for User
Step 1: Login to Office 365 Portal and access the Admin > User Page
https://admin.microsoft.com/Adminportal#/users
Step2: Click Multi-factor authentication
You have four option:
- Enable / Disable
For the MFA enable or disable - Enforce
After multi-factor auth is enforced, users will need to create app passwords to use non-browser applications such as Outlook or Lync. For security reasons app passwords are not available to admins, who will be able to sign in only with the browser.
-
Manage user settings
- Require selected users to provide contact methods again
-
MFA Default Turn On by Security
- Sign in to the Microsoft 365 admin center with global admin credentials.
- In the left nav choose Show All and under Admin centers, choose Azure Active Directory.
- In the Azure Active Directory admin center choose Azure Active Directory > Properties.
- At the bottom of the page, choose Manage Security defaults.
- Choose Yes to enable security defaults or No to disable security defaults, and then choose Save.
Remark:
- Default is Enable all user login Webmail will popup for MFA, user can skip but will force after a grace period.