Two Factor Authentication (2FA) is an extra layer of security to make sure a person trying to access an account is who they say they are. A password is ‘something you know’, but also something that other persons may know or discover.

Why do I need to add 2FA to my Office 365 user account?

Without 2FA enabled on your Office 365 mailbox, anyone who has knowledge of your username and password would be able to access and misuse your mailbox identity.

To gain access to a 2FA enabled resource you need your password and a second piece of evidence to prove your identity, either ‘something you have’ (such as a secure token, mobile phone device or keycard) or ‘something you are’ (such as your fingerprint, iris or your voice). With 2FA enabled on your Office 365 mailbox, knowledge of your username and password alone (be that accidental or deliberate) would not be enough to access your mail.

The steps below install a 6-digit random number generator on your mobile phone (‘something you have’); the number it shows changes every 30 seconds. Logging in to your 2FA enabled Office 365 mailbox will then require both your username and password and this constantly changing 6-digit code.
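How such a 6-digit, 30-second code can be produced and checked, as an added example (not part of the original guide and not Microsoft's code). It assumes the app's verification code is a standard time-based one-time password (RFC 6238, HMAC-SHA1, 30-second step); the function names, sample key and timestamp are constructed for illustration. The server derives the same number from the secret shared at enrolment, allows a little clock drift, and refuses a code it has already accepted.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the code shown in the app


def hotp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret: bytes, now: float) -> str:
    """RFC 6238 TOTP: HOTP keyed on the count of 30-second steps since the epoch."""
    return hotp(secret, int(now) // STEP)


def verify(secret, code, now, last_used_step=-1, drift=1):
    """Server-side check: accept the current step +/- `drift` steps of clock skew,
    refuse any step at or before the last one accepted (replay).
    Returns the matched step, or None."""
    current = int(now) // STEP
    for step in range(current - drift, current + drift + 1):
        if step > last_used_step and hmac.compare_digest(hotp(secret, step), code):
            return step
    return None


# Constructed sample: the RFC 6238 test key, Base32-encoded the way otpauth://
# enrolment URIs carry a secret. Not a real account secret.
SAMPLE_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()
SECRET = base64.b32decode(SAMPLE_SECRET_B32)

if __name__ == "__main__":
    t = 1_700_000_000  # constructed timestamp
    code = totp(SECRET, t)
    print("code now:       ", code)
    print("code 30s later: ", totp(SECRET, t + STEP))
    step = verify(SECRET, code, t + 20)
    print("accepted, step: ", step)
    print("same code again:", verify(SECRET, code, t + 25, last_used_step=step))
```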

 

How do I enable Office 365 2FA on my user account?

The instructions below show you how to enable Office 365 two factor authentication (2FA) and how to use the Microsoft Authenticator App for 2FA.

You will need your:

Company Email Address: name@company.co.uk
Password: login password for your Office 365 mailbox
Computer: to access your Office 365 mailbox via a web browser
Mobile phone: to host the Authenticator app, and a mobile phone number for additional security purposes

These instructions take you through the following steps. It is important that all these steps are followed.

Step 1 – Download Microsoft Authenticator app to your mobile device

Step 2 – Access Office 365 user account online

Step 3 – Configure the Microsoft Authenticator App

Step 4 – Save Microsoft Authenticator App Password

Step 5 – Login to Office 365 account using 2FA

The questions at the end provide additional information and explain how to sort things out when they go wrong.

Step 1 – Download Microsoft Authenticator app to your mobile device

1. Navigate to your phone’s App Store and search for the Microsoft Authenticator app. The search results should include the Microsoft Authenticator app.

2. Download the Microsoft Authenticator app to your phone.

3. Once download is complete, a new app icon will have appeared on your phone called Authenticator.

You will need this later in step 3.

Step 2 – Access Office 365 user account online

1. Using your computer, open a browser and navigate to https://login.microsoftonline.com.

2. Log into Office 365 online with your company email address and password.

3. Your IT Administrator will already have enabled 2FA on your company user account, so you should receive a prompt asking you to set up 2FA.

4. Click on Next.

5. You will then arrive on the page called Additional Security Verification asking you which security method you would like to use.

6. Select the option Mobile App from the drop-down list and select Use verification code from the list of choices, click Set up.

7. Once this has been completed you will be shown a message containing a QR code.

This QR code (black square) is what you will need to scan with the Authenticator app downloaded in Step 1 to set up your account.

Step 3 – Configure the Microsoft Authenticator App

1. With your mobile phone in hand, open the Microsoft Authenticator app.

2. Skip any intro screens the app may present to you, until you get to the Ready to add your first account? screen or similar.

3. Select Add account or “+” icon in the top right corner of the app screen.

4. Select the option Work or school account.

5. You may be asked to allow the app to use your phone’s camera, click OK to allow this.

6. You will be presented with a screen called Scan QR code with a square camera box in the centre of the screen.

7. Lift your mobile device so that the QR code on your computer screen sits inside the Scan QR code camera square on your mobile phone.

8. As soon as the Authenticator app has scanned the QR code, the screen on your computer will change: the Set up button is greyed out and the Next button is highlighted.

On the Authenticator app on your mobile phone a new account will have been created, displaying a set of 6 digits that updates every 30 seconds.  This ever-changing number provides the second authentication factor required for 2FA.

9. Click Next on your computer screen.

10. You will then be prompted for the six-digit verification code from the Authenticator app.

11. Enter the six-digit code displayed on your mobile phone Authenticator app and click Verify.

12. Select the country from the drop-down list and then enter your mobile telephone number. Click Next.

 

Step 4 – IMPORTANT STEP: Save the App Password

1. An Authenticator App password will be presented to you. Please make a note of this and keep it safe. Write it down or use the copy tool to the right of the password then paste into notepad, so that you can save it to your machine.

Select Finished when you are sure you have a copy of the password stored.

OUTLOOK ON YOUR PC & MOBILE DEVICE WILL NEED THIS APP PASSWORD WHEN YOU NEXT USE IT

 

Step 5 – Login to your Office 365 account using 2FA

1. Open Outlook on your computer and, when prompted, enter your company email address (username) and click Next.

2. Enter your Windows password (your computer logon password) then click Next.

3. You will then be prompted to enter the six-digit verification code from the Authenticator app on your phone. Enter the code and your Outlook will run as normal.

 

Will I need to use 2FA every time I open Outlook?

No, if you are opening the Outlook application on your computer. However, you will need to add the Authenticator App Password, saved in step 4 – #1, the first time you use Outlook.

Yes, if you open Outlook through a browser. You will need to use the app to authenticate your login credentials.

 

Why did I need to save the app password?

Some applications which use 2FA need the Authenticator app password to function.  Outlook on your PC, or mobile device, will ask you to enter the Authenticator App password the first time you use it.

This connects the MFA account to your Outlook account, so that Outlook knows when to prompt for 2FA verification codes from the Authenticator App.

This will only be asked for once, if it is successful.

I have forgotten to take a note of the Authenticator App Password?

If you have forgotten to take a note of this during setup, or it otherwise does not work, you can generate a new password with the following steps:

1. Navigate to https://www.office.com/ in any browser.
2. Sign in with your email and Windows password when prompted, and enter your code from your authenticator if required.
3. In the top right corner, click your initials to open a menu, then select ‘My Account’.
4. This opens a page with a blue context menu; on the left-hand side, click ‘Security and Privacy’.
5. Then click ‘Additional security’ and then ‘App password’ (the bottom choice).
6. Click create and name it something like ‘New app password for Outlook’.
7. This will then present a new code to you on screen. Copy this password, open notepad, paste the password to notepad and save it to your desktop, or copy then paste directly into the Outlook password request box.
8. You will need to manually add the password into your Mobile Outlook app, if you receive emails on your phone.

I have made a mistake or have been unable to set up 2FA?

First contact your IT Administrator at your business.  They will be able to re-enable 2FA at the Office 365 portal so you can go through the process again.

Otherwise, if problems persist, please contact the Air IT Service Desk.