Skip links

How to set up Multi-Factor Authentication (MFA) Security

MFA set up guide

Step-by-Step Guide to Setting Up Multi-Factor Authentication (MFA) Security with Microsoft 365

Because we all know “password123” is NOT going to cut it anymore!

Step 1: Understand Your MFA Options

MFA is like the bouncer at a club—just having a password won’t get you in. You need a little extra “proof” that you’re VIP. This might include:

  • Something you know (like your password…or maybe a PIN if you’re fancy).
  • Something you have (your smartphone—the one glued to your hand).
  • Something you are (fingerprint, face scan, or some other tech magic that makes you feel like a spy).

In Microsoft 365, your best options are the Microsoft Authenticator app (highly recommended), or a text message with a code if you’re feeling old-school.

 

qr codes to download the microsoft authenicator apps

Step 2: Check Your Licensing Requirements

Before you go all-in on security, make sure you’ve got the right license. It’s like trying to get through airport security without your boarding pass—you won’t get far without the right access!—MFA won’t work without the right credentials. Here’s what you’ll need:

  • Office 365 Business Premium
  • Office 365 Enterprise E3 or higher
  • Azure AD Premium (for the Conditional Access extras)

If you don’t have these, time to upgrade your security game. Contact us for help

Step 3: Enable MFA for Your Users in Microsoft 365 Admin Centre

  1. Head over to the Microsoft 365 Admin Center.
  2. Navigate to Users and select Active users.
  3. Click on Multi-factor authentication at the top.
    (Yes, it’s hiding there—Microsoft likes to play hard-to-get.)
  4. A new tab will open showing all your users and their MFA status.
  5. Select your lucky MFA recipients.
  6. Click Enable and then confirm it like you mean it.

Step 4: Set User Settings for MFA

Because we don’t like to just flip switches and hope for the best…

  1. Go to Manage user settings in the MFA section.
  2. Set options like forcing users to re-register MFA or requiring app passwords for non-browser apps (you know, the ones that still think it’s 2005).
  3. Save your settings—this isn’t one of those “leave without saving” moments.
  • Office 365 Business Premium
  • Office 365 Enterprise E3 or higher
  • Azure AD Premium (for the Conditional Access extras)

If you don’t have these, time to upgrade your security game. Contact Cloud & More for help

Step 5: Get Users to Set Up MFA

Ah, the fun part—making your team actually set this up!

  1. When they next log in, they’ll be greeted with a not-so-friendly prompt. (No, they can’t skip it, no matter how hard they try.)

  2. They’ll need to provide additional info:

    • Set up the Microsoft Authenticator app (Recommended—because no one wants to wait for SMS codes.)
    • Enter a phone number just in case they misplace their phone in the sofa cushions.
  3. The Authenticator app will show a QR code. Have them:

    • Open the app, select Add account, and choose Work or school account.
    • Point their phone at the screen like they’re taking a picture of their cat—only this one’s for security.

Step 6: Confirm MFA Is Working

Ah, the fun part—making your team actually set this up!

  1. When they next log in, they’ll be greeted with a not-so-friendly prompt. (No, they can’t skip it, no matter how hard they try.)

  2. They’ll need to provide additional info:

    • Set up the Microsoft Authenticator app (Recommended—because no one wants to wait for SMS codes.)
    • Enter a phone number just in case they misplace their phone in the sofa cushions.
  3. The Authenticator app will show a QR code. Have them:

    • Open the app, select Add account, and choose Work or school account.
    • Point their phone at the screen like they’re taking a picture of their cat—only this one’s for security.

Step 7: Enforce Security Defaults or Conditional Access (Optional)

  • Security Defaults: For small organisations, turn on Security Defaults in Azure AD to put a basic bouncer at the door.
  • Conditional Access: If you’re all about customisation, use Conditional Access policies to let MFA loose only on certain days, devices, or locations. (Basically, you’re adding velvet ropes for the VIPs and a hefty “No Entry” for the suspicious crowd.)

Step 8: Communicate with Your Team

Your team might resist, but remember: MFA is here to keep your data safe from people who are very interested in your business…for all the wrong reasons.

Send out a friendly message like: “Hey team, we’re making a few changes to keep the baddies out. Please set up MFA—yes, that’s multi-factor authentication, and no, ‘password’ isn’t going to work anymore.”

And make sure to include a “How-To” guide for the less-than-techy ones (or the ones who still struggle with Netflix passwords)

Step 9: Monitor and Adjust as Necessary

It’s like watching over a newborn—MFA will need some attention. Go back to the Admin Center and check the Sign-in activity report in Azure AD to see if there’s any strange activity (or if someone’s been trying to hack into your Netflix by mistake).

Protect Your Business from Cyber Threats Today!

At Cloud & More, we don’t just implement security—we make it personal. Chat with our experts to see how we can tailor a cybersecurity plan that fits your organisation’s unique needs.

Ready to secure your data and sleep easier at night?

Get in touch with our team to talk about safeguarding your business with MFA, cyber awareness training, and more.”

Share the Post: