To enhance your account security, Microsoft now requires all Microsoft 365 users—including those using Microsoft Exchange email—to set up multi-factor authentication (MFA).
Once MFA is set up, you won’t be asked to approve sign-ins every day. In most cases, Outlook and your devices will stay signed in as normal. MFA is only required when you enter your password—such as when setting up a new device, adding your email account to a new app, or signing in through the web. For everyday use, you’ll continue to access your email just as you do now.
Regardless of whether you access your email on a desktop, mobile device, or another platform, you’ll need to complete your MFA setup by signing in to your Microsoft 365 account through the online portal.
To help you through the process, we’ve put together this step-by-step guide using the Microsoft Authenticator app. You can use an alternative authenticator app, such as Google Authenticator, if you already rely on it for other services; however, please note that this guide demonstrates the steps specifically for Microsoft Authenticator.
Setting up your first device
Before you begin, please download the Microsoft Authenticator app here: https://www.microsoft.com/en-gb/security/mobile-authenticator-app
If you aren’t prompted to set up MFA when signing in, it usually means it’s already been enabled on your account. In that case, please skip to the next section on adding another device.
Step 1
Visit https://login.microsoftonline.com/ in a web browser, and enter the email address for the account you need to set up MFA for.
Step 2
You may be prompted to select the account type. If you are, select the Work or school account option from the list.
Step 3
Enter your account password in the field.
Step 4
You will be prompted to set up multi-factor authentication at this point. Simply select the Next button to get started.
Step 5
You will see a page similar to the one below. If you haven’t already downloaded the Microsoft Authenticator app on your phone, you’ll need to do so before continuing. Once you have the app installed, select the Next button to continue.
Step 6
The web page will then indicate that you’ll be setting up a Work or school type account. Simply select the Next button to continue.
Step 7
The web page will now display a QR Code which you’ll need in a moment in the app on your phone.
Step 8
Now you’ll need to open the Microsoft Authenticator app on your phone. In this example, we’re using an iPhone but the same steps apply for Android devices. Simply tap the Continue button to continue. If you’ve already opened the app before you may not see this screen, in which case you can simply skip this step.
Step 9
We’re going to tap Skip on this screen as we don’t want to sign in to an account here. As mentioned previously, if you’ve already opened the app before you may not see this screen, in which case you can simply skip this step.
Step 10
If you haven’t used the app before, you’ll now see a prompt to add your first account. Otherwise, you’ll see a list of the accounts that you’ve already set up MFA for. In either case, tap the plus icon in the upper right-hand corner.
Step 11
Next, you’ll need to select the kind of account you want to set up MFA for. In this case, please select the Work or school account.
Step 12
Tap Scan QR code in the alert that appears.
Step 13
You may receive a prompt asking for permission to use your phone’s camera. If you do, you’ll need to allow it to continue. Once the camera is active, point your phone at your computer’s screen to scan the QR code from the web browser page opened in Step 7.
Step 14
If you haven’t used the app before, you’ll now receive a prompt to allow notifications. You should allow these, as the app will notify you whenever an attempt is made to sign in to your account.
Step 15
You will now be taken back to the list of accounts and see your new account has been added.
Step 16
Back on your computer, the web browser should still be on the page opened in Step 7. You’ll need to select the Next button to continue, which will then check you have set up MFA correctly. A code will appear on the web page which you’ll need to enter in the app momentarily.
Step 17
A prompt should appear in the app requesting the code shown on the web page. Enter the code in the box in the app, and tap Yes to continue.
Step 18
The prompt will disappear, and a small banner will appear with the text Approved for a moment to confirm that MFA has been set up correctly.
Step 19
Back on your computer, the web page should also indicate that the notification was approved and therefore MFA has been set up correctly. Select the Next button to continue.
Step 20
The web page confirms that MFA has been set up and future sign ins will require MFA using your app as the default sign-in method. Simply select Done to complete the setup.
Adding another device
Once you’ve set up your first device, you can optionally add more devices that are able to approve sign-ins to the account. This is particularly helpful for shared mailboxes—such as info@example.com or accounts@example.com—where several people may need access.
It isn’t mandatory, as someone who already has MFA set up can approve another person’s sign-in during their initial setup. However, if multiple people regularly access the account (especially via the web), adding additional devices can make the process much smoother.
To add another device, visit https://aka.ms/mfasetup in a web browser and sign in to the relevant account. This link should take you directly to the Security info page. If it doesn’t, simply navigate to My Account > Security info from the left-hand sidebar.
On this page, you’ll see a list of all sign-in methods currently configured for the account. At the top of the list, click Add sign-in method, then choose Microsoft Authenticator from the options that appear. You can then continue from step 5 in the instructions above.
