Guide to Enable multi-factor authentication for Office 365 users
Multi-factor authentication (MFA) is a method of authentication that requires the use of more than one verification method and adds a second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods:
A randomly generated pass code
A phone call
A smart card (virtual or physical)
A bio metric device
Office 365 uses multi-factor authentication to help provide the extra security and is managed from the Office 365 admin center. Office 365 offers the following subset of Azure multi-factor authentication capabilities as a part of the subscription:
The ability to enable and enforce multi-factor authentication for end users
The use of a mobile app (online and one-time password [OTP]) as a second authentication factor
The use of a phone call as a second authentication factor
The use of a Short Message Service (SMS) message as a second authentication factor
Application passwords for non browser clients (for example, the Microsoft Lync 2013 communications software)
Default Microsoft greetings during authentication phone calls
Set up multi-factor authentication in the Office 365 admin center
- You must be an Office 365 global admin to do these steps.
Go to Users > Active users.
Choose More > Setup Azure multi-factor auth. If you don't see the More option, then you aren't a global admin for your subscription.
Find the people for whom you want to enable MFA. In order to see everyone, you might need to change the Multi-Factor Auth status view at the top.
The views have the following values, based on the MFA state of the users:
Any Displays all users. This is the default state.
Enabled The person has been enrolled in MFA, but has not completed the registration process. They will be prompted to complete the process the next time they sign in.
Enforced The person may or may not have completed registration. If they have completed the registration process, then they are using MFA. Otherwise, they will be prompted to complete the process the next time they sign in.
Select the check box next to the people for whom you want to enable MFA.
On the right, under quick steps, you'll see Enable and Manage user settings. Choose Enable.
In the dialog box that opens, choose enable multi-factor auth.
Bulk update users in MFA
You can bulk update the status for existing people by using a CSV file. The CSV file is used only for enabling or disabling MFA, based on the user names present in the file. It is not used to create new users.
You must be an Office 365 global admin to do these steps.
On the multi-factor authentication page, choose bulk update.
In the Select a CSV file dialog box, choose Browse for file.
Browse for the file that contains the updates, then choose Open. The column headings in your file must match the column headings in the following example:
Choose the Next arrow.
After the file is verified, choose the Next arrow to update the accounts.
When the process is finished, choose the Done check mark.
Instructions for your users after MFA is Enabled.
Once your admin enables your organization with 2-step verification (also called multi-factor authentication), you have to set up your account to use it.
If your admin has turned on multi-factor authentication for your organization, and you're using apps that connect to your Office 365 account, you'll need to generate an app password so the app can connect to Office 365. For example, if you're using Outlook 2016 or earlier with Office 365, you'll need to create an app password.
Check whether your Office 365 admin has turned on multi-factor authentication for your account. If they haven't, when you try to do these steps you won't see the options in Office 365.
Sign in to Office 365 with your work or school account with your password like you normally do. After you choose Sign in, you'll see this page:
Choose Set it up now.
Select your authentication method and then follow the prompts on the page. Or, watch the video to learn more.
After you verify your alternate contact method, choose Next.
You'll get an app password that you can use with Outlook, Apple Mail, etc. Choose the copy icon to copy the password to your clipboard. You won't need to memorize this password.