How to stop Microsoft 365 Account being compromised with 2FA or MFA

Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA) is essential if you need secure access to a site or application. Once set up, you will receive a security code on a trusted device, such as your phone, every time you sign in to the app where you enabled 2FA. Here, I will cover the steps on how you can use 2FA or MFA to stop your Microsoft 365 Account from being compromised.

Step 1: Set up 2FA in Azure Active Directory

  • Go to your Admin center.
  • Open Azure Active Directory.
  • Click on “All services.”
  • Click on “Azure Active Directory” under “Identity.”
  • Select “Security.”
  • Click on “Authentication methods” under “Manage.”
  • Select “Microsoft Authenticator.”
  • Select “Yes” under “Enable” and select “All users” under “Target.”
  • Then click “Save.”

Step 2: Set up 2FA on your account

  • First, sign in to Office 365.
  • Click on your profile image or initials in the top right corner.
  • Select “View account” from the dropdown menu.
  • Click on “Security info.”
  • Click on “Add sign-in method.”
  • Click the select box to choose a method.
  • Click the “Add” button.
  • Enter your phone number.
  • Choose an authentication method, “Text” or “Call,” then click “Next.”
  • Enter the 6 digit code sent to your phone and click “Next.”

Make sure you’ve assigned at least three distinct security contact email addresses or phone numbers to your account for backup before you enable two-step verification. Your account might be permanently closed if you misplace your security information and don’t have a backup contact method.

I have gone through both of the procedures to ensure they work, all you need to do is follow the steps, and you will be able to complete the process without any issues.

How to set up MFA for users on the network to prevent accounts from being compromised

The Microsoft Authenticator two-step verification offers an extra degree of protection. You will get a code on your phone to finish the sign-in procedure to a Microsoft account when you enable the function and attempt to connect to locations like your Microsoft account, Outlook on the web, or Windows 11.

However, for users to set this form of authentication up, they will need to have admin users like yourself go into the Azure portal and make adjustments to allow users to manually set up 2FA. Once the setup is complete, users can sign into the account, knowing external threats won’t compromise it.

  • Now click on the launcher.

Nine dots illustrate the launcher in Office 365 on the top left-hand side of the display; click on it to access the applications that Office 365 has.

  • From there, click on “Admin.”

To access the admin, you will need admin-related permissions, which senior members can only grant with global administrative permissions. If a user does not have admin permissions enabled, they will not be able to proceed with the steps ahead. So make sure you contact your global admin member to give you the correct permissions for the process to work.

  • Under the Admin centers, select “Azure AD.”

Under the admin centers section, there will be a list of options available; here, you will want to click on “Azure AD.” I have the app pinned to the favorites section because I frequently use the app. However, if you are not a frequent user and haven’t pinned the app, you will need to click on “Show all” to reveal the application.

  • Select “All services” and then click on “Azure AD.”

Tip: If you click on the small star next to the options available under All services, it will pin that option to the favorites section. Here you will can the services easily.

  • Choose “Security” from the list of different options available.

The option is towards the bottom of the menu; you may need to scroll down to find this option and open it.

  • Under “Manage,” click on “Authentication methods.”
  • Choose “Microsoft Authenticator.”
  • Select “Yes” under Enable and then choose “All users” under Target.
  • Click on “Save” to complete the process.

Once you have completed the steps, you will have managed to set up MFA for users to have enabled their accounts. The process is mandatory from this point onwards, as the next login for those users will require MFA or 2FA to access their accounts. Users can now go into their Office account and access the Security section, where they can input a new form of MFA.

How to set up MFA and 2FA on devices once the initial admin setup is complete

Once the admin user has assigned MFA to all accounts, you can go into your Office account and set 2FA or MFA, depending on your preference. You will also need to download the authenticator application on your mobile device to access your account.

You can reset your password if you forget it. When you activate 2FA on your account, you can reset your password if you forget it as long as Microsoft has two ways to reach you. Such as one of the alternate contact email addresses or phone numbers you gave when you enabled two-step verification.

  • Now click on your profile picture.
  • Choose the option for “View account.”
  • Click on “Security info.”
  • From there, click on “Add sign-in method.”
  • Click on the dropdown to choose a method.
  • Now click on “Add.”
  • Input your phone number.
  • Choose your verification method and then click on “Next.”
  • Enter the code and then click on “Next.”
  • Once verified, check to see if you have MFA enabled.

Upon completion, you will have managed to set up MFA on your Office 365 account; now, when you sign in, you will need to access the authenticator app and then approve sign-in. The process shown here will allow your Office account to remain more secure and prevent unwanted attacks on your data. Having MFA also prevents a company data breach and important information from getting into the wrong hands.

Conclusion

Thank you for reading our content on how to stop Microsoft 365 Accounts from being compromised with 2FA or MFA. I have provided a couple of different methods you can use to help set up the MFA on your account and how an admin user can enable those settings from the Azure dashboard. You must make sure you have an active mobile with the MFA app for the process here to work. If you encounter any issues following the steps, drop a comment below, and we will address them.

Saajid Gangat

Saajid Gangat has been a researcher and content writer at Business Tech Planet since 2021. Saajid is a tech-savvy writer with expertise in web and graphic design and has extensive knowledge of Microsoft 365, Adobe, Shopify, WordPress, Wix, Squarespace, and more! You can connect with Saajid on Linkedin.

Recent Posts