Configuring Multi Factor Authentication For Office 365

Given that Office 365 is a user service, the enabling of multi-factor authentication is very much as admin driven action – that is the administrators decide that the users should have it, or that it is is configured via Conditional Access when limiting the login for the user to certain applications and locations.

For a more security conscious user, enabling it themselves if harder! To do this, follow these steps:

  1. Go to My Apps –
  2. Click your picture icon top right and choose Profile from the menu
  3. Click Additional Security Verification from the menu to the right
  4. Select your preferred method of second factor of authentication from the first drop-down box. You need to ensure that the option you choose is enabled below.

You will now be prompted for your second authentication factor that you choose when you try to do a password change or change your verification info.







3 responses to “Configuring Multi Factor Authentication For Office 365”

  1. Matt avatar

    Looking forward to being able to sign in to office 365 without a password and just using my phone as a 2 factor authentication mechanism. Perhaps you could explain how removing the need for a password and only requiring your phone as an authentication is more secure than having a password?

    1. Brian Reid avatar

      There are many things here, but the easiest is that your password can be used from anywhere, whereas phone login can only be used from wherever you are now. Sure, theft of a phone is possible, but it’s way easier to steal someone’s password than it it to physically acquire their phone. And once you have stolen the phone you still cannot use it to login as the user, as phone sign in requires the users PIN or fingerprint or facial scan to complete the login as well as entering the displayed number on the screen. This constitutes 2FA as its something you have (phone) and something you know or are (pin,fingerprint/face)

  2. Jeff Birks avatar

    Admins should decide if 2fa is required for their users, but I would suggest all admins use multi-factor authentication.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.