727-216-8010 / 805 618-1853 info@protekitsolutions.com

ProTek IT Solutions has migrated hundreds of mailboxes to Microsoft Office 365 from every possible email platform like Google, Plesk, CPanel and much more. In implementing each Office 365 account we configure best security practices to prevent a compromise of any of the email accounts. One of the key security measures is implementing MFA.

SET UP & ENABLE MULTI FACTOR AUTHENTICATION (MFA):

Office 365 offers an additional level of security whereby to log into your Microsoft Office 365 account you would first put in your password and Microsoft will then send a code to you via the chosen method (outlined below) to further authenticate before allowing access. Because its more than just one method of authentication such as your password, it’s called “multi” factor authentication because you’re using 2 or more methods before you’re allowed access.

Modern versions of the Microsoft Outlook applications (Outlook on the Web, Outlook Desktop App, Outlook Phone App) all work with Multi Factor authentication easily.

It is important to know that 3rd party applications such as the Windows built in Mail application, the Mail app on your phone or any other non-Microsoft application do not support the built-in MFA and will require you to create and input something called an App Password.

This write-up has 4 sections – we recommend at a minimum configuring the first two sections so that you have text messages and an authenticator app setup for MFA. That way if one of them is not working for some reason you have the 2nd option.

SETTING UP MULTI-FACTOR AUTHENTICATION WITH TEXT MESSAGES:

  • Initial setup of Office 365 MFA with Text Messages.

MICROSOFT AUTHENTICATOR APPLICATION:

  • Using the Microsoft Authenticator Application

ALTERNATE METHOD: Office 365 multi-factor authentication with Google Authenticator or other 3rd party Authenticator.

  • Using a 3rd party Authenticator like Google Authenticator or AWS Authenticator.

ADDING ADDITIONAL METHODS OF MFA:

  • How to add additional methods of MFA after your initial setup.

ADDING ADDITIONAL APPLICATIONS WITH “APP PASSWORDS”

  • Generating App Passwords for non-Microsoft based mail applications.

LINKS USED:

SETTING UP MULTI-FACTOR AUTHENTICATION WITH TEXT MESSAGES:

  1. An administrator will enable Multi-Factor authentication for your Office 365 account. When this happens, you will likely be asked to re-input your email password in your Outlook Desktop app or any other app where your email is connected.
  1. Ignore this for now and Open a Web Browser > Paste this link into the search bar at the top:

https://aka.ms/MFASetup

  1. Log in to your email – you will then be prompted to set up MFA.
  1. Choose a method from the options given – you can either have a code texted to your phone, receive a phone call with the code from a machine or download an authenticator app on your phone. For the purpose of this demonstration, I will be selecting a text message. Put in the phone number you want to receive a text on and click “Next”.
  • NOTE: See later section “ALTERNATE METHOD: Office 365 multi-factor authentication with Google Authenticator or other 3rd party Authenticator” for instructions on using a non-Microsoft authenticator app to set this up on your phone.
  • You can even setup all of these methods so that you can choose which one to use when signing in in case one of them is not convenient at the time, i.e. SMS, call a mobile phone, call an office phone, authenticator app and more! Here is a direct link to the page to add more authentication methods at a later time: My Sign-Ins | Security Info | Microsoft.com

e. On the next page, insert the code that was sent to you and click “Verify”.


f. You’ll notice in the below image that it has created an “App Password” – go ahead and click on the copy button next to it and save it in a word doc or somewhere else temporarily – you’ll need this for any non-Microsoft email software like the mail app on an iPhone or Android Phone.


g. Now click on “Done” once it’s verified.

h. You will be directed back to the login for your Microsoft account. Login again.

i. Office will now ask you how you want to receive the MFA, either by text or a phone call. Chose the best option for you.

j. Enter the code you’re given and click “Verify”.

k. Now select whether you want to stay signed in or not.

l. CONDITIONAL: You will now be taken to setting up App Passwords. If you need/want to set this up, please follow the section below “Setting up App Passwords” – it will explain when you would need an App password, this may not be applicable to you and is not always necessary.

m. Once you have gone through the steps for MFA, return to your mail application(s) and sign in. You will be sent a code to authenticate now that MFA is set up for your account.

MICROSOFT AUTHENTICATOR APPLICATION:

    1. On this first screen, select the “Use verification code from app or token”. Now click on the blue “Set up Authenticator app”.
    1. To setup the mobile app you will need to download the Microsoft authenticator app. You can find this in your phone’s app store.
    2. Open the app once it’s downloaded. Click on the “I agree”. Now follow the steps 2 and 3 below, you’ll be scanning the below QR code with the authenticator app. Once done, click “Next”.
    1. Finally click “Finish” on your phone.
    1. Now when you log into Outlook or any other Microsoft related service, you will see the below prompt. You will select “Approve a quest on my Microsoft Authenticator app” or “Use a verification code”.
    1. You will either have a pop up on your phone or you will need to go into the Microsoft authenticator app and get a code and input it.

ALTERNATE METHOD: Office 365 multi-factor authentication with Google Authenticator or other 3rd party Authenticator.

  1. On this first screen select “Use verification code from app or token”, then click on the blue “Set up Authenticator app”.
  2. On this screen click on the link “Configure app without notifications”.
  3. You will see step 1 above change to “Install the Microsoft Authentication or any authenticator app for Windows Phone, Android or IOS.”.
  4. Download and install the Google or other 3rd Party Authenticator App for your phone. Do a search for “Google Authenticator App” in either the App Store (iOS) or Play Store (Android).
  5. Once the app is installed, run it and click on the Scan a QR Code.
  6. Your Google Authentication app should not be working with the Microsoft Authenticator app.

Additional info from Microsoft on managing App Passwords:

How to manage app passwords – Azure Active Directory | Microsoft Docs

ADDING ADDITIONAL METHODS OF MFA:

  1. If you would like to add additional methods of MFA like an alternate phone, authenticator app or office phone, click on the following link: https://mysignins.microsoft.com/security-info
  2. Next click on “Add sign-in method”.
  3. Select the additional sign in method you would like and then click “Add”.
  1. Enter the info for the new MFA method and click “Done” when you’re finished.

ADDING ADDITIONAL APPLICATIONS WITH “APP PASSWORDS”

An App Password is a special password created uniquely for applications that do not support multi-factor authentication. App Passwords are provided by Microsoft and can not be manually type – i.e., they are auto generated.

An App Password would be for any non-Microsoft email application, like the iPhone mail app, any Droid mail application. Outlook and Outlook mobile don’t require app passwords.

  1. To begin go to this link:https://account.activedirectory.windowsazure.com/AppPasswords.aspx
  2. At the very top of the screen you will see two tabs: “Additional Security Information” and “App Passwords”.
  3. Click on App Passwords
  4. Click on “Create”
  5. Name it Something Relevant such as “Mail App on my iPhone”
  6. Click “Next” and then copy the password
  7. Save the password somewhere temporarily so you can use it.
  8. Next time you are prompted to input the password for the 3rd party mail app in question, use the corresponding app password instead of your usual email password.
  9. This is a one time use password so for security reasons delete it wherever you have it written down.
  10. Repeat for any other applications.

If you require further help, please leave a comment and we will answer it as soon as possible.

For professional IT support, please contact ProTek IT Solutions.