Office 365 - Multi Factor Authentication Setup

Modified on Fri, 15 Nov at 1:11 PM

There are two main methods for setting up Multi Factor Authentication for your Office 365 account, the first is using the Microsoft Authenticator App on your mobile. The second is setting up SMS authentication.

Microsoft Authenticator App will be the default method for most users, however, some tenants will require the use of SMS based authentication. Instructions for both of these can be found below.

TABLE OF CONTENTS

1. Microsoft Authenticator App
2. Microsoft SMS Authentication
- Step 1:
- Step 2:
3. Bitwarden TOTP Authenticator
- Step 1:
- Step 2:
4. Moving MFA From One Phone To Another

1. Microsoft Authenticator App

Step 1:

Install the Microsoft Authenticator App on your mobile phone

On your phone, go to App Store (iPhone) or Google Play Store (Android)
Search for Microsoft Authenticator App and Install it.

The icon should look like this:

Alternatively, scan the below QR codes to be taken directly to the app download within your respective app store.

Step 2:

On your PC, open up a browser (Chrome/Edge) and go to Office.com then click the "Sign In" button.

Once logged in, you will see the following alert. Click "Next"

You will then be prompted to setup your authenticator app. If you are using the Microsoft Authenticator App (See Step 1) Click Next.

Be sure to Allow Notifications on your authenticator app if prompted. Click Next

This will bring up a QR code similar to below. You'll need to leave this on your screen ready for a later step.

Step 3:

This step will be carried out on the Authenticator App you installed on your mobile during step 1.

Start the Microsoft Authenticator App and press the "Add account button" (Shown below)

Then select "Work or school account"

Select "Scan a QR code" (You may be asked to allow the App to have access to your camera and/or send notifications. You should choose Allow for both)

At this point, you will need to scan the QR code left on your computer screen at the end of Step 2

Once the QR code has been scanned you'll see a message saying "Activating. please wait..." when this message disappears, the account will have then been successfully added to your authenticator app.

You can now select the account on the main authenticator page. This will take you to a page similar to below.

You will want to leave this open for the next step as we will need it to approve the login request.

Step 4:

On your PC (Which should still be on the QR code page) Click "Next", this will give you the below message prompting you to respond to a notification on your mobile.

The notification on your mobile will ask you to confirm you are the one signing into your account. You will need to enter the 2-digit number currently displayed on your PC. Once done press "YES", your phone will request for you to input your mobile passcode or use fingerprint/face ID.

Once you have approved the sign in via number matching & verified with your mobile passcode/biometric ID, you can now click Next on your PC, then Done.

2. Microsoft SMS Authentication

Step 1:

On your PC, open up a browser (Chrome/Edge) and go to Office.com then click the "Sign In" button.

Once logged in, you will see the following alert. Click "Next"

You will then be prompted to setup your authenticator app. As we are not using the Microsoft Authenticator App, click "I want to set up a different method". Make sure that the drop down is set to "Phone" and click "Confirm"

"United Kingdom (+44)" is selected. Fill in your mobile number in the blank box and click "Next".

If the drop down does not have "Authentication phone", then your tenant has not been configured to allow SMS authentication. In this case please refer to the setup guide for the Microsoft Authentication App above

Make sure "United Kingdom (+44)" is selected. Fill in your mobile number in the blank box and click "Next".

Step 2:

Shortly after finishing Step 1, you will receive an SMS text from Microsoft, within the text will be your 6 digit verification code.

This 6 digit code needs to be entered into your PC as shown below. Once entered click "Next". If SMS is verified then click "Next" again and finally click "Done"

3. Bitwarden TOTP Authenticator

Note: While this section of the guide is for Bitwarden, the same steps can be applied to other authenticator apps such as Google Authenticator.

Step 1:

On your PC, open up a browser (Chrome/Edge) and go to Office.com then click the "Sign In" button.

Once logged in, you will see the following alert. Click "Next"

You will then be prompted to setup your authenticator app. If you're using Bitwarden click "I want to use a different authenticator app".

If you are using the Bitwarden mobile app you can scan the QR code, however, for the purposes of this guide we will be using the desktop app.

Click "Can't scan image?" then copy the Secret Key. Once the key is copied we can proceed to the Bitwarden desktop app.

Step 2:

Within Bitwarden, create a new item for your login (or edit an existing). The secret key copied previously needs to be pasted into the "Authenticator key (TOTP)" field.

Once the changes have been saved, the key will be converted into a verification code that refreshes every 30 seconds.

This is the code you will need to authenticate.

You can now return to Office.com and click Next, here you will be prompted to enter the 6 digit code within Bitwarden. Now click Next one more time and you are done.

4. Moving MFA From One Phone To Another

This section will explain how to move MFA from one phone to another. This is useful when you purchase a new phone, and need to move the MFA across. Your new phone will not have the MFA to your account unless you have backed it up to iCloud (iPhone) / Personal Microsoft Account (Android)

Step 1:

On your work laptop, navigate to Office.com

Select 'Sign In' (You may already be signed in, so you may be able to skip to Step 2.

Step 2:

In the top right of the screen, you'll see your account icon. Click this, then select 'View Account' and 'Update Info'.

Step 3:

Add a new sign in method, select 'Microsoft Authenticator'. The steps from here are the same as step 2 on the 'Microsoft Authenticator App' section.

Once you've added your new sign in method, be sure to delete the old device (in my case, the iPhone 13 Pro Max). This is the best practice to ensure even if your old phone is not wiped, no one can use it for two factor authentication.

You will then be prompted to setup your authenticator app. If you are using the Microsoft Authenticator App (See Step 1) Click Next.

Be sure to Allow Notifications on your authenticator app if prompted. Click Next

This will bring up a QR code similar to below. You'll need to leave this on your screen ready for a later step.

Step 4:

This step will be carried out on the Microsoft Authenticator App. You may need to install this on your new phone.

Start the Microsoft Authenticator App and press the "Add account button" (Shown below)

Then select "Work or school account"

Select "Scan a QR code" (You may be asked to allow the App to have access to your camera and/or send notifications. You should choose Allow for both)

At this point, you will need to scan the QR code left on your computer screen at the end of Step 2

You can now select the account on the main authenticator page. This will take you to a page similar to below.

You will want to leave this open for the next step as we will need it to approve the login request.

Step 5:

On your PC (Which should still be on the QR code page) Click "Next", this will give you the below message prompting you to respond to a notification on your mobile.

Once you have approved the sign in via number matching & verified with your mobile passcode/biometric ID, you can now click Next on your PC, then Done.