Office 365 Multi-Factor Authentication (MFA/2FA)

Under construction

Once your Account enabled MFA/2FA, first-time sign-in required to add information for account secure

 

Direct goto MFA Setup Page

 

Step1: Sign-in Webmail (https://portal.office.com)

Click Next

---

Step 2: Enter your Phone Number for verification

the select method is "Send me a code by text message" and click Next

---

Step 3: Verify your phone number with SMS code

you will receive SMS with 6-digit number for verification

---

Step 4. Your App Password

This is app password for some applications may not verify by SMS, so you need to use this password for sign-in. (e.g. Thunderbird Pop3/Imap, Rainlendar and Old Version Outlook 2013 and 2010)

You can Ignore it without record this password, later you can create a new one, but you can't retrieve this password.

If you are using Outlook 2013 or 2010, please record this password, your outlook will pop-up and you required this password for access email.

Click Done

---

 

MFA / 2FA was done!

1. First time when you open Outlook and Webmail you need MFA to verify by SMS
2. Your Mobile may popup 3-4 times for SMS verify because you need to verify all the Office 365 login such as Outlook, Microsoft Teams, Onedrive, and Sharepoint. When it automatically popup ask few times for MFA SMS, you can't identify which SMS verification code for which apps. So you may need to sign out and sign in to verify the app's individual.
3. Some application may popup request new password, but that the application does not support MFA, that means you will receive SMS verification code, but your apps is no area to enter the verification code, then you will reject by login processing, so you need to refer the Step4. and using Additional Apps Password for sign-in.

 

Additional Link
User Profile
https://account.activedirectory.windowsazure.com/r/#/profile

Change Password
https://account.activedirectory.windowsazure.com/ChangePassword.aspx

Additional security verification
https://account.activedirectory.windowsazure.com/Proofup.aspx

App Passwords
https://account.activedirectory.windowsazure.com/AppPasswords.aspx

Step 1: Sign-in your office 365 account

https://portal.office.com

Step2: Goto App Passwords Page

https://account.activedirectory.windowsazure.com/AppPasswords.aspx

You can't retrieve the created password, you can create a new and delete the old one.

Step 3: Create a new App Password

Let say this password for thunderbird, just give it a name for the password

 

Remark:

This password after create and close the screen, you can't retrieve back the password, the only way is create a new password. So we are strongly recommended don't record this password on mobile/paper. If you record this password for next time using, this will break the MFA

Direct goto MFA Setup Page

Step 1:

Sign-in your office 365 account https://portal.office.com

After Sign-in click right upper corner Icon then select "View Account"

 

 

Step 2:

Click Update Info

 

Left Menu select "Security Info" then click "Add sign-in method"

 

Step 3: Add Mobile Phone

After click "Add sign-in method" select "Phone"

 

Step 4.

select or mobile phone correct country and type your mobile phone number then next

 

Step 5.

You should receive SMS on your mobile

Step 6.

Enter the SMS Verification code 6-digits and click Next

 

Step 7.

Done

 

 

Step 8.

Click Add Sign-in method select Authenticator Apps

Step 9.

Using Mobile Phone download "Microsoft Authenticator apps" and Next

Step 10:

Use your mobile phone Microsoft Authenticator Apps to scan the QR code then next

 

Step 11: (Operate on your mobile device)

After download the Apps, Open it and click +

 

Step 12:

Select Work or school account

and

Click Scan QR code

 

Step 13:

Scan the QR Code

 

Step 14:

Approve it

 

Step 11

Approve on mobile phone apps then next to finish

 

Step 11:

Final please select "Set default sign-in method" better is using Microsoft Authenticator for notification

 

 

 

Step 12:

Email to inform your Administrator to enable MFA for your A/C.

When MFA was enabled, any equipment first time to sign-in Office 365 account will required MFA authentication.

 

For Enable MFA for User

Step 1: Login to Office 365 Portal and access the Admin > User Page

https://admin.microsoft.com/Adminportal#/users

Step2: Click Multi-factor authentication

 

You have four option:

1. Enable / Disable
   For the MFA enable or disable
2. Enforce
   After multi-factor auth is enforced, users will need to create app passwords to use non-browser applications such as Outlook or Lync. For security reasons app passwords are not available to admins, who will be able to sign in only with the browser.
3. Manage user settings
   - Require selected users to provide contact methods again
   - Delete all existing app passwords generated by the selected users
   - Restore multi-factor authentication on all remembered devices

---

MFA Default Turn On by Security

source:https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide

1. Sign in to the Microsoft 365 admin center with global admin credentials.
2. In the left nav choose Show All and under Admin centers, choose Azure Active Directory.
3. In the Azure Active Directory admin center choose Azure Active Directory > Properties.
4. At the bottom of the page, choose Manage Security defaults.
5. Choose Yes to enable security defaults or No to disable security defaults, and then choose Save.

Remark:
- Default is Enable all user login Webmail will popup for MFA, user can skip but will force after a grace period.