Multi-Factor Authentication on Office 365

What is Multi-Factor Authentication?

Multi-Factor Authentication (MFA) or sometimes called two-step verification, is an advanced security layer included that makes it more difficult for hackers to get access and gain control of your account. MFA verifies your identity through a two-step process before granting you access to online applications. You may already be using MFA to protect online services such as your financial institution.

The two verification methods that are usually required to prove your identity are:

  • Information you know (like your username and password)
  • A unique device you have physical access to (like your mobile phone)

When logging in with MFA, you must supply your username/password AND prove that you are in possession of a trusted device (i.e. phone.)

Why MFA?

Data breaches are becoming more prevalent in today’s always-connected world.  It is getting harder to recognize the difference from a legitimate login screen and one that is setup as a phishing scheme to steal your username and password. Using MFA provides an additional layer of protection for your user account. Should someone guess your password or trick you into providing it by posing as a legitimate source, an attacker will still have an additional barrier preventing them access to company data. Only the user of a registered trusted device can lift this barrier, making MFA the preferred security method.

How Does It Work?

Username and password plus mobile app code equals access grantedWith MFA, you will need to provide an additional verification method to prove you have access to a trusted device. When logging into company online resources, you will be required to enter your username and password like normal. Then, you may also need to prove that you have access to a trusted device/phone that you previously registered. Only after completing the additional verification step using your trusted device will you be granted access.

Microsoft Office 365 MFA Sign-in Options

With MFA, you will need to provide an additional verification method to prove you have access to a trusted device. The verification methods available can be any of the following:

  • Click Approve from a mobile notification (preferred)
  • Enter a code received by SMS text message
  • Answer a registered phone number and press #

Keep reading. Instructions for configuring and logging in with each of these methods are detailed below.

First Login After MFA Is Enabled

0b5092f6 90ba 4c28 bff7 5c67bac4dca9Log into your account using your username and password by visiting portal.office.com. Your first login after MFA has been enabled will require you to setup your additional identity verification methods. To continue click the Set it up now button.

You will need to choose the default method you will use to verify your account. We recommend using the Microsoft Authenticator app on your mobile device that will allow you to simply tap Approve from a mobile notification. In addition to being the most secure method, the Microsoft Authenticator app will also allow you to get the verification code even if the device isn’t connected to a cellular network.

You should set up more than one verification method in case your primary method is unavailable. We also recommend setting up your mobile and office phone numbers as your alternate verification phone in case the Authenticator app is not working.

We recommend using the Microsoft Authenticator app as your default verification option. It is the quickest and easiest way to complete the login process.

Using this method will require that you download and install the Microsoft Authenticator app on your phone, tablet, or smart watch. The app is available for Windows Phone, Android, and iOS.

MFA setup step 1: How should we contact you?

  1. Select Mobile app from the drop-down list.
  2. Select Receive notifications for verification
  3. Click Set up.
    Setup additional security verification for mobile app notifications
  1. On your phone or tablet, open the Authenticator app and add an account.
    post 926 authapp addacount
  2. Specify that you want to add a work or school account. You may need to allow the Authenticator app permission to take pictures and record video. The QR code scanner within the app will then open. If your camera is not working properly, you can select to enter your company information manually.
    post 926 authapp allowcamera 168x300 1
  3. With your mobile device, scan the QR code displayed on your computer’s screen to register the mobile app.
  4. Tab Finish in the mobile app.  You should now see an item with a 6 digit code displayed.
  5. Click Next to close the set up screen.
  6. Ensure that the text next to the Set up button now displays Mobile app has been configured for notifications and verification codes.
    post 926 setup mobileapp configured
  7. Click Next.

MFA setup step 2: Let’s make sure that we can reach you on your Mobile App device

  1. You will now need to approve a mobile app notification to continue. A notification screen will open on your mobile device asking you to approve your sign in. Select Approve. After a brief moment, the web page should continue to complete the login process.
    post 926 mfa setup mobileapp step2 1 post 926 authapp approve

MFA setup step 3: In case you lose access to the mobile app

At this point, you are prompted to setup additional security verification. This is to prevent you from being locked out if for some reason the Authenticator app is not working properly or you have to replace your phone. Make sure to use your mobile phone number so you can verify your identity wherever you are.
post 926 mfa setup mobileapp step3 1

MFA setup step 4: Keep using your existing applications

The mobile registration process creates a default app password for you. Store this password to a safe location in case you need to use it for any applications that are unable to work with multi-factor authentication.

post 926 mfa setup mobileapp step4

Logging in with the Microsoft Authenticator app

  1. Log in to your Office 365 application or website with your username and password as normal.
  2. The next screen will notify you that a notification has been sent to your mobile device to approve your sign-in.post 926 mfa sendapprove
  3. On your mobile device, a notification will appear in the notification panel from the Microsoft Authenticator app asking you to approve the sign-in. Select Approve.
    post 926 authapp approvenotification
  4. You have now successfully signed into your account.

If your mobile device with the Microsoft Authenticator app is not available, you can select Sign in another way to choose an alternate verification method.

Logging in with a verification code from the Microsoft Authenticator app

The Microsoft Authenticator app will display a 6-digit verification code that changes every 30 seconds. This is useful when your mobile device does not have a data connection or is unable to receive text messages.

  1. Open the Microsoft Authenticator app on your mobile device.
  2. Enter the current code displayed in the app and click Verify.
  3. If successful the login will complete.
    post 926 mfa verify code 276x300 1post 926 authapp showcode 168x300 1

Logging in with phone authentication

Phone authentication can either send an SMS text message or call your phone to complete the sign in verification.  The next screen will notify you that a text or a phone call has been sent to your phone to approve your sign in.

SMS Code Verification.

  1. Log in with your username and password as normal.
  2. The next screen will notify you that a text has been sent to your phone to approve your sign in.
  3. Once you receive the SMS text message on your mobile device, enter the code and click Verify.
  4. If successful the login will complete.
    post 926 mfa verify sms 276x300 1post 926 mfa smscode 168x300 1

Phone Call Verification.

  1. Log in with your username and password as normal.
  2. The next screen will notify you that a call is being placed to your phone for sign in verification.
  3. Answer the phone when it rings and press # when prompted.
  4. If successful the login will complete.
    post 926 mfa verify call 300x258 1
If you are having issues with mobile device email or Outlook on your computer remove and re-setup the account.

For additional support and assistance, please contact our helpdesk via the life saver icon in your taskbar.

Menu
Font Resize
Contrast