Multi-Factor Authentication is an essential security feature for every business. While not a "cure-all" for every security risk, enabling MFA will boost the strength of your company's identity security by adding additional layers to the authentication process used by your applications and services.

MFA is feature available with all of the major cloud service providers. If you are using Microsoft 365, MFA is included with all Office 365 licenses. Depending on the licensing used in your business, additional MFA and identity security features are available as well.

Setting up Microsoft 365 MFA on your phone or tablet for the first time

1. Install Microsoft Authenticator

On your phone or tablet you'll need to install the Microsoft Authenticator application from the Apple App Store or the Google Play Store.

• Microsoft Authenticator from Apple App Store

• Microsoft Authenticator from Google Play

2. Log into the Microsoft 365 Additional Security Page

Go to https://aka.ms/mfasetup to access this page. When you login, use your work email and password. After you login, you should see a page like the one below.

3. Configure "How should we contact you" default verification option

• We strongly recommend you

  • Set "How we should contact you?" to "Mobile App"

  • Set "How do you want to use the mobile app?" to "Receive notifications for verifications"

    • This setting is a requirement for many of the modern features of MFA (such as RDS MFA) and newer security features like passwordless authentication.

As an alternative you have options to receive a phone call or text message if your company policy permits these methods.

4. Click "Set up" to begin the setup process

Note that the exact process may vary depending on the device you are using and the configuration used by your company.

1. Open the Microsoft Authenticator app on your phone

2. In the app, select add account and choose "Work or school account"

   1. If this is your first time using the app, you can expect to see permissions prompts, tap allow or approve as these come up

   2. If you see an option to "Scan QR Code" select that instead

3. Point your phone at the square QR code on your screen to scan and add the account

4. You'll see your account added to the authenticator app to your phone

   1. You may also see a 6 digit code, this means the account was added sucessfully

   2. This code is a backup method and only needed if you selected "use verification code" instead of to receive notifications

5. Click Next

6. Assuming you selected "receive notifications for verifications" you will receive a prompt on your phone

   1. Make sure you select approve

7. Click Next

8. You may be asked to enter a phone number

   1. This is a backup method for MFA in case you lose your phone or forget to move your MFA over when changing to a new phone

9. Done!

If you experience any issues or have questions, contact your IT provider to help!

How to review and modify your MFA configuration

When Microsoft MFA has been configured for your account, you can expect to see a screens similar to this whenever you log into an application or service that utilizes MFA:

• Remember to only approve sign-ins that you know about

• If you are unsure of whether or not you should approve a sign-in contact your IT provider

• If you are expecting a prompt and not seeing one, try opening Microsoft Authenticator on your mobile device to see if that triggers a prompt to show up

To test and view your MFA configuration

1. Log into https://aka.ms/mfasetup

   1. If MFA is configured, you will be prompted for MFA

2. After logging in you will see options to configure MFA for your account

Some of the options available:

• You can change your default MFA verification option

  • Strongly recommended to set "Notify me through app"

• You can update your phone number and backup phone number

  • This can be used as an alternate method to grant access (if your company policy permits this)

• Click "Set up Authenticator App" to add a new phone or device

  • The setup process is the same as described in the earlier portion of this post

• Click "Delete" to remove an old phone or device

  • It's a good idea to get rid of older devices that you no longer have

Remember to click save whenever you make any changes!

What if you don't see an option for MFA or don't use MFA in your business?

Well, that's a problem! At a minimum, every core identity in your business should be secured by MFA. We even wrote a post about it at the end of 2019!

Contact your IT provider to make sure your account and organization has been configured to use this very important feature.

Interested in having a conversation about technology in your business?

Send in a contact request at www.aevotec.com or email info@aevotec.com.