Tech Tips and How-To Guides

Microsoft 365 accounts are common targets for attackers because they hold email, files, and often connect to other business systems. Enabling multi-factor authentication on your Microsoft 365 account is the single most effective thing you can do to prevent unauthorized access, even if your password is stolen.

For personal Microsoft accounts

1. Go to account.microsoft.com and sign in.
2. Click Security in the top navigation, then Advanced security options.
3. Under Two-step verification, click Turn on.
4. Follow the setup wizard. You can use the Microsoft Authenticator app, an authenticator app of your choice, email, or SMS.

For Microsoft 365 business accounts

If your organization uses Microsoft 365 for Business, MFA is configured through the Microsoft 365 admin center. As an administrator:

1. Go to admin.microsoft.com and sign in.
2. Go to Users, then Active users.
3. Click Multi-factor authentication in the top toolbar.
4. Select the users you want to enable it for and click Enable.

If your organization uses Security Defaults or Conditional Access policies, MFA may already be enforced through those mechanisms. Check with your IT administrator if you are unsure.

Using the Microsoft Authenticator app

Microsoft Authenticator is the recommended app for Microsoft accounts. Download it from the App Store or Google Play, then follow the setup prompts to link it to your account. Once set up, you approve login requests with a single tap on your phone rather than typing a code.

What happens if you lose your phone

During MFA setup, Microsoft provides backup codes and alternative verification options. Save your backup codes in a secure location. You can also set up multiple authentication methods so that losing one device does not lock you out permanently.