How to enable Multi-Factor Authentication in Office 365 and login using SMS or the Authenticator Mobile App

Improve security by enabling multi factor authentication on your Office 365 tenant. Tired of overly complicated two factor authentication systems? Office 365 Multi-Factor Authentication is for you! Lets take a look at the steps involved in enabling and configuring a trial user in our demo lab. Our lab is configured as cloud only but will work equally well with AD Connect too. In our lab we will be using the Multi Factor Authentication mobile app but it also support SMS authentication, in fact users can easily switch between the two if required.

Lets break the setup down into the following steps

  1. Install the Multi-Factor Authenticator App
  2. Enable Multi-Factor Authentication for specific users
  3. The User Setup Process
  4. Customising Authentication Method
  5. Application Passwords

Install the Multi-Factor Authenticator App

Users will need to install the Azure Authenticator app onto their mobile phone.

Office 365 Multi-Factor Mobile Authentication App 1

Office 365 Multi-Factor Mobile Authentication App 2

Office 365 Multi-Factor Mobile Authentication App 4

When the user first logs on they will need to scan a QR code to add 365 to the app.

Office 365 Multi-Factor Mobile Authentication App 5

Pressing SCAN QR CODE for the first time will prompt to install a barcode scanner app so press yes here to continue.

Office 365 Multi-Factor Mobile Authentication App 6

Office 365 Multi-Factor Mobile Authentication App 7

Enable Multi-Factor Authentication for specific users

Log into the portal as a company administrator and browse to Settings, Apps and select Azure multi-factor authentication.

Office 365 Multi-Factor Authentication 1

Click Manage Azure multi-factor authentication to begin the setup.

Office 365 Multi-Factor Authentication 2

One thing I love about multi-factor authentication in 365 is that it can be enabled for individual users which is great for testing. Select all of your users or as in our case select a trial user and press Enable.

Office 365 Multi-Factor Authentication 3

Confirm that you wish to enable multi-factor authentication.

Office 365 Multi-Factor Authentication 4

Success!

Office 365 Multi-Factor Authentication 5

The user is now enabled for multi-factor authentication but its a good idea to Enforce the settings because this will ensure the user has to log in using their password and mobile app or SMS to successfully log in and all applications will require an app password to work correctly.

Office 365 Multi-Factor Authentication 7

Confirm that you want to enforce multi-factor authentication.

Office 365 Multi-Factor Authentication 8

Congratulations you have enabled multi-factor authentication for one user in your Office 365 tenant. Lets see what happens when a user logs in after you enable the settings.

The User Setup Process

The user will login as usual the first time they log in after you enable multi-factor authentication.

Office 365 Multi-Factor Authentication 9

The user will be required to run through the setup procedure before they can log on.

Office 365 Multi-Factor Authentication 10

Users will be required to select a preferred authentication method. Here we select Mobile app but users can also select to authentication with their phone using SMS. Unfortunately there is no way to force users to use one or the other.

Office 365 Multi-Factor Authentication 16

The user will now need to scan this QR code using the mobile app which will configure the app to display authentication codes which update every 30 seconds.

Office 365 Multi-Factor Authenticatin 39

Once configured the app will how a verification code for this account which will be used every time the user logs onto the web portal.

Office 365 Multi-Factor Mobile Authentication App 12

 

Once the user clicks finish the mobile app configuration will be checked and verified.

Office 365 Multi-Factor Authentication 18

Once the user has confirmed their preferred authentication method they will be required to verify their mobile phone number. Users will enter their number and a verification code will be sent to it in an SMS message which they must enter to verify the number.

Office 365 Multi-Factor Authentication 19

Office 365 Multi-Factor Authentication 20

Once the user has verified their mobile phone they will be given an App password. App passwords are passwords that users must use with applications like Outlook, OneDrive and Skype for Business. Their standard logon password will no longer work so they must use this app password to authenticate with these applications.

If a user clicks finished without noting the password they will have to generate a new one because once they are generated you will never see it again. If you forget it then you have to generate a new one.

Office 365 Multi-Factor Authentication 21

Ok so the user has run through the initial setup process so lets take a look at what happens when they next logon.

A user will enter their standard password to start with.

Office 365 Multi-Factor Authentication 22

They will be prompted to enter the verification code displayed within the mobile app and the user will login successfully. If for some reason they haven’t setup the app properly or if its not working then users can use to use a different verification method and select to receive a code via SMS message.

Office 365 Multi-Factor Authentication 24

Customising Authentication Method

If a user decides to change their authentication method they can and its as easy as choosing the option from a drop down menu. When the user has logged in click the cog symbol in the top right and click Office 365 settings.

Office 365 Multi-Factor Authentication 25

Select settings then click Additional security verification.

Office 365 Multi-Factor Authentication 26

Click the link to Update your phone numbers used for account security.

Office 365 Multi-Factor Authentication 27

Here the user can set their preferred verification option and they can also update their mobile number if required.

Office 365 Multi-Factor Authentication 28

 

Application Passwords

Its best practice to generate App passwords for every application used and this is so that if you need to generate a new password from outlook you can just re-generate the password for that application rather than having to update all of the other apps in use.

Lets create a new app password for Outlook, click Create.

Office 365 Multi-Factor Authentication 36

Give the password a name, this is for Outlook so lets use that and press next.

Office 365 Multi-Factor Authentication 37

The system will generate a long password for us to use. Interestingly they don’t seem to follow any complexity rules but I guess length is king when passwords are concerned.

Office 365 Multi-Factor Authentication 38

Now we have a new app password for Outlook the user will need to enter this as the new password for their Outlook desktop app, Mobile mail settings and the Mobile Outlook application.

Summary

So there you have it, you can now enable additional security in your Office 365 tenant at no extra cost. Almost everyone has a mobile on them at all times these days and with the flexibility to use the authentication app or SMS implementation is easy.

Like with all things where the user has to be involved in the setup process you will have to educate your users. Its likely most wont read all of the messages and will select the wrong options so as always ensure user training is top of your list of things to do before rolling this out company wide.

If you found this useful please subscribe to the blog and also like on Facebook or follow me on twitter. Help me support awesome administrators like you, like and share now, thanks!

Author: Ian@SlashAdmin

Share This Post On

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.