Multi-Factor Authentication is an essential security feature for every business. While not a "cure-all" for every security risk, enabling MFA will boost the strength of your company's identity security by adding additional layers to the authentication process used by your applications and services.
MFA is a feature available with all of the major cloud service providers. If you are using Microsoft 365, MFA is included with all Office 365 licenses. Depending on the licensing used in your business, additional MFA and identity security features are available as well.
Setting up Microsoft 365 MFA on your phone or tablet for the first time
1. Install Microsoft Authenticator
On your phone or tablet you'll need to install the Microsoft Authenticator application from the Apple App Store or the Google Play Store.
2. Log into the Microsoft 365 Additional Security Page
Go to https://aka.ms/mfasetup to access this page. When you log in, use your work email and password. After you log in, you should see a page like the one below.
3. Configure "How should we contact you" default verification option
We strongly recommend you:
Set "How should we contact you?" to "Mobile App"
Set "How do you want to use the mobile app?" to "Receive notifications for verifications"
This setting is a requirement for many of the modern features of MFA (such as RDS MFA) and newer security features like passwordless authentication.
As an alternative, you can choose to receive a phone call or text message if your company policy permits these methods.
4. Click "Set up" to begin the setup process
Note that the exact process may vary depending on the device you are using and the configuration used by your company.
Open the Microsoft Authenticator app on your phone
In the app, select "Add account" and choose "Work or school account"
If this is your first time using the app, you can expect to see permission prompts; tap allow or approve as these come up
If you see an option to "Scan QR Code" select that instead
Point your phone at the square QR code on your screen to scan and add the account
You'll see your account added to the authenticator app on your phone
You may also see a 6-digit code; this means the account was added successfully
This code is a backup method and only needed if you selected "use verification code" instead of receiving notifications
Assuming you selected "receive notifications for verifications" you will receive a prompt on your phone
Make sure you select approve
You may be asked to enter a phone number
This is a backup method for MFA in case you lose your phone or forget to move your MFA over when changing to a new phone
If you experience any issues or have questions, contact your IT provider to help!
How to review and modify your MFA configuration
When Microsoft MFA has been configured for your account, you can expect to see a screen similar to this whenever you log into an application or service that utilizes MFA:
Remember to only approve sign-ins that you know about
If you are unsure whether or not you should approve a sign-in, contact your IT provider
If you are expecting a prompt and not seeing one, try opening Microsoft Authenticator on your mobile device to see if that triggers a prompt to show up
To test and view your MFA configuration
Log into https://aka.ms/mfasetup
If MFA is configured, you will be prompted for MFA
After logging in you will see options to configure MFA for your account
Some of the options available:
You can change your default MFA verification option
Strongly recommended to set "Notify me through app"
You can update your phone number and backup phone number
This can be used as an alternate method to grant access (if your company policy permits this)
Click "Set up Authenticator App" to add a new phone or device
The setup process is the same as described in the earlier portion of this post
Click "Delete" to remove an old phone or device
It's a good idea to get rid of older devices that you no longer have
Remember to click save whenever you make any changes!
What if you don't see an option for MFA or don't use MFA in your business?
Well, that's a problem! At a minimum, every core identity in your business should be secured by MFA. We even wrote a post about it at the end of 2019!
Contact your IT provider to make sure your account and organization have been configured to use this very important feature.