How to set up multi-factor authentication (MFA) for Microsoft 365

App/System: Microsoft 365
Learn: How to set up multi-factor authentication
Skill level: Beginner
Read time: 2 minutes


Why does security matter?

Did you know that cyber security breaches in the UK cost an average of £4200 per business over a period of 12 months, according to the UK Cyber Security Survey 2022 report? 39% of businesses identified they were victim to a cyber security attack and it’s possible this number was underreported, as those businesses with lower cyber-security may not even realise they’ve been attacked.

Of those 39%, 83% of the attacks reported were phishing attempts, where hackers try to get access to username and password information. If you don’t have multi-factor authorisation in place, they can use this stolen information to log into your business critical systems and steal your documents and other sensitive information.

What is MFA?

MFA stands for multi-factor authentication, and it is a way to prove more securely who you are when trying to sign into an account online. To find out more about MFA see our article: What is MFA?

Before you can set up MFA

If you are part of an organisation, before you are able to set up MFA for your Microsoft 365 account the system administrator for your organisation will need to have turned on the MFA option.

Administrators can follow this link to find out how to turn on MFA for their organisation. Set up multifactor authentication for users – Microsoft 365 admin | Microsoft Docs

Setting Up MFA

Once your system administrator has turned on MFA you simply need to login into your account. If you are already logged in you will need to logout first, and then log back in.

After you have entered your login credentials you will see an additional screen that advises you need to provide more information.

Microsoft dialogue - More information required

Click Next and you’ll be advised to set up MFA with the free Microsoft authenticator app. If you already have the app set up, you can follow the on-screen prompts to add this account to your app. If you don’t have the app there will be a link to download it, or head to the App Store on your device.

You can also use other authenticator apps; just ensure they are legitimate before you download and install them on your device. Microsoft have now removed the option to use SMS as your MFA as authenticator apps are more secure, so using an authenticator app is your only option.

Once you’ve set up MFA you can see the methods you’re using in the M365 account, under security settings.

MS365 security screen.

Using MFA when you log in

The next time you sign in you will be required to provide the code displayed in your app .

MS365 MFA verification screen

Unless your organisation requires it, you won’t usually have to use MFA every time you sign in. Only when you change your password, sign in on a new device, or into a new app.

Find out more

Want to ensure your business data is secure? Arrange a 15 minute call with an expert to review your IT and security set up.
Speak to one of our experts

Get an expert review

Arrange a 15 minute call with an expert to review your IT set up and find ways to make your IT better.
Get in touch