Once your Account enabled MFA/2FA, first-time sign-in required to add information for account secure
Step1: Sign-in Webmail (https://portal.office.com)
Step 2: Enter your Phone Number for verification
the select method is "Send me a code by text message" and click Next
Step 3: Verify your phone number with SMS code
you will receive SMS with 6-digit number for verification
Step 4. Your App Password
This is app password for some applications may not verify by SMS, so you need to use this password for sign-in. (e.g. Thunderbird Pop3/Imap, Rainlendar and Old Version Outlook 2013 and 2010)
You can Ignore it without record this password, later you can create a new one, but you can't retrieve this password.
If you are using Outlook 2013 or 2010, please record this password, your outlook will pop-up and you required this password for access email.
MFA / 2FA was done!
- First time when you open Outlook and Webmail you need MFA to verify by SMS
- Your Mobile may popup 3-4 times for SMS verify because you need to verify all the Office 365 login such as Outlook, Microsoft Teams, Onedrive, and Sharepoint. When it automatically popup ask few times for MFA SMS, you can't identify which SMS verification code for which apps. So you may need to sign out and sign in to verify the app's individual.
- Some application may popup request new password, but that the application does not support MFA, that means you will receive SMS verification code, but your apps is no area to enter the verification code, then you will reject by login processing, so you need to refer the Step4. and using Additional Apps Password for sign-in.
Additional security verification
Step 1: Sign-in your office 365 account
Step2: Goto App Passwords Page
You can't retrieve the created password, you can create a new and delete the old one.
Step 3: Create a new App Password
Let say this password for thunderbird, just give it a name for the password
This password after create and close the screen, you can't retrieve back the password, the only way is create a new password. So we are strongly recommended don't record this password on mobile/paper. If you record this password for next time using, this will break the MFA
Sign-in your office 365 account https://portal.office.com
After Sign-in click right upper corner Icon then select "View Account"
Click Update Info
Left Menu select "Security Info" then click "Add sign-in method"
Step 3: Add Mobile Phone
After click "Add sign-in method" select "Phone"
select or mobile phone correct country and type your mobile phone number then next
You should receive SMS on your mobile
Enter the SMS Verification code 6-digits and click Next
Click Add Sign-in method select Authenticator Apps
Using Mobile Phone download "Microsoft Authenticator apps" and Next
Use your mobile phone Microsoft Authenticator Apps to scan the QR code then next
Step 11: (Operate on your mobile device)
After download the Apps, Open it and click +
Select Work or school account
Click Scan QR code
Scan the QR Code
Approve on mobile phone apps then next to finish
Final please select "Set default sign-in method" better is using Microsoft Authenticator for notification
Email to inform your Administrator to enable MFA for your A/C.
When MFA was enabled, any equipment first time to sign-in Office 365 account will required MFA authentication.
For Enable MFA for User
Step 1: Login to Office 365 Portal and access the Admin > User Page
Step2: Click Multi-factor authentication
You have four option:
- Enable / Disable
For the MFA enable or disable
After multi-factor auth is enforced, users will need to create app passwords to use non-browser applications such as Outlook or Lync. For security reasons app passwords are not available to admins, who will be able to sign in only with the browser.
Manage user settings
- Require selected users to provide contact methods again
MFA Default Turn On by Security
- Sign in to the Microsoft 365 admin center with global admin credentials.
- In the left nav choose Show All and under Admin centers, choose Azure Active Directory.
- In the Azure Active Directory admin center choose Azure Active Directory > Properties.
- At the bottom of the page, choose Manage Security defaults.
- Choose Yes to enable security defaults or No to disable security defaults, and then choose Save.
- Default is Enable all user login Webmail will popup for MFA, user can skip but will force after a grace period.