This guide is going to outline the process to getting MFA (Multi-Factor Authentication) working for our Microsoft accounts.


The reason for MFA implementation is to increase security in this everchanging world of cyberspace. MFA grants an extra layer of security in that if your password were to be compromised, you would be able to see a would-be attackers login attempt and approve or deny any malicious login. 


The login sessions will last 14-days before asking for approval on the application/device. 


First, we'll install the Microsoft Authenticator app to our phone. 


Installing the MFA to Your Smartphone:


  1. Open up the iOS App Store or Google's Play Store depending on your phone/operating system.

  2. Search "Authenticator" and locate the Microsoft Authenticator. 

  3. Download the app then continue with the instructions below to get the MFA setup process started.


How to Setup MFA:


  1. On a separate device from your mobile phone (a computer is easiest, but another mobile device such as a tablet will work) navigate to https://mysignins.microsoft.com. You'll need to sign in to Office 365 if you are not already.

  2. Here, you should click on Security Info on the left-hand column.

  3. Click on the "+Add Method" as depicted below


  4. In the newly popped-up window, select the Microsoft Authenticator option.


  5. Follow the prompts- starting with the first one telling you to download the app on your smartphone


  6. Once that's done, click next and you'll have this prompt regarding adding the school or work account
    In the app, upon selecting "Work or school", you should select Scan QR Code. If prompted, approve the app's use of your camera.


  7. Use the Microsoft Authenticator app on your smartphone to scan the custom QR code that will be presented on the My Sign-ins webpage you logged into (not the example QR code below). Doing so will automatically add your account.
  8. Hitting Next will allow you to test out that the push notifications work and then you should be all set!




Second, we'll add a phone number as a backup authentication method. 


Adding your phone number to MFA:

  1. Back in your browser, navigate back to the My Sign-ins page you were previously on (https://mysignins.microsoft.com)

  2.  If needed, click on Security Info on the left-hand column.

  3. Click on the "+Add Method" as depicted below

  4. In the newly popped-up window, select one of the phone options. I recommend Phone for your cell phone and Office phone for your desk phone.


  5. Enter your phone number including area code and hit Next. You will then receive a phone call asking you to press a key to confirm the sign-in and then it will add your number to your list of authentication methods. 
  6. If you'd like to add another phone number, repeat these steps.
     

Finally, we'll set which method (app or phone) you'd like as your default authentication method. 


Selecting your default authentication method:


  1. On the Security Info tab of the Sign-ins page, select "Change" next to "Default sign-in method"



  2. In the newly popped-up window, select one of your configured options. The most popular option is Microsoft Authenticator - notification which will give you a push notification to approve sign-in attempts. Select your preferred method and hit Confirm.


You are now fully set up with MFA. Please reach out to the IT team with any questions.