Azure multi-factor authentication is a method of verifying who you are that requires the use of more than just a username and password. Using MFA for Office 365, users are required to acknowledge a phone call, text message, or app notification on their smartphones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied.
In this example, we will be doing MFA with mobile App notification.
Step 1:
– Login to your office 365 Portal using your global admin credential. https://login.microsoftonline.com
– Navigate to USERS -> ACTIVE USERS

Step 2:
– Click More > Setup azure multi-factor auth.

Step 3:

• Check the checkbox for selected staff
• On the right user info panel, Under quick steps-> click Enable
• A dialog box will be displayed, you are advised click on the link to read the deployment guide if you have not done so. Then click on the button enable multi-factor auth.

Step 4:

• User account MFA is now enabled.

Step 5:

• Now we need to login to webmail – https://login.microsoftonline.com . It will prompt to setup security setting. Choose Set it up now

Step 6:

• Select your authentication method and then follow the prompts on the page. In this example, we choose Mobile App for contact method and Receive notification for verification.
• Click Set Up

Step 7:

• Follow the screen instruction. You are required to install Microsoft Authenticator App from your mobile app store.
• In the app, add an account and choose “Work or School Account”
• Scan the QR Code to add your email account into Authenticator App.
• Click Next

Step 8:

• Enter your mobile contact in the case that you lost access to the mobile
• Click Next.

Step 9:

• you will see a page showing an app password. Please note down your app password to be used in some email client like Microsoft office, Apple Mail that doesn’t support Microsoft modern authentication.

Note: Microsoft Office 2016 support modern authentication but you are required to enable ADAL for Office 365. 

Accessing your webmail with MFA enable

Step 1:

• Login to your webmail https://login.microsoftonline.com
• Enter your email and password

You will receive a notification from your mobile app. You will need to click Approve before you can access to the webmail.

Congratulation. You have now completed the setup for enabling and configuring MFA.

Once the MFA is setup, your email client on your smartphone, computers and Skype account will prompt you to enter a new password. Under Step 9, there is an “app password” generated. Kindly type in the app password as required.

This blog is written by Dave Teoh. Dave has successfully migrated our customer Microsoft Exchange on Premise to Office 365 Enterprise plan. He is also a member of Information Rights Management and Message Encryption project for Office 365 Enterprise implementation.