How to Set Up MFA on Your Microsoft Account
There are several ways you can improve the security of your online accounts. Whether you choose to have long, strong passwords or try to have unique passwords for every account, the more steps you take to secure your accounts the better.
But if we could only make one security recommendation, it would be setting up multi-factor authentication (MFA). Of course, all passwords should be strong, but if hackers were to get hold of your password, having proper MFA in place can keep your account secure.
What is MFA?
Put simply, MFA combines something you know with something you have. The something you know will most likely be a password or a security question, and the something you have could be:
- a text message to a mobile phone
- an email to a mobile phone, tablet, or computer
- biometrics, such as fingerprint or facial recognition
- an authenticator app
With multi-factor authentication set up, when you log into an account you enter your username and password as usual. If these are correct, you will then have to enter some other form of authentication, depending on what you have set up. For a lot of accounts, this will be entering a code sent via text message or email.
Setting up MFA on your Microsoft account
To set up MFA on a personal or family Microsoft account, you will need to sign in to office.com. Click on your photo in the top right and select My Microsoft Account. On the security section, choose update. From there, select additional security options and, under 2 step verification, click turn on. Follow the onscreen instructions to choose your preferred method of signing in.
Microsoft 365 Business and MFA
If you are using Microsoft 365 for business or enterprise, multi-factor authentication settings will be managed by your IT team. If MFA hasn’t been set up, it can easily be done with Azure Active Directory.
Here’s how to enable MFA for your business:
- Sign in to office.com and select the Microsoft 365 Admin Centre
- Navigate to the Azure Active Directory Admin Centre
- Select Azure Active Directory, Properties, Manage Security Defaults
- Under Enable Security defaults, select Yes and Save
The next time you and your employees sign in to your Microsoft accounts, you will be prompted to set up authentication on your phone.
Recommended MFA methods
We mentioned earlier how the most common types of MFA seem to be messages via text or email. If given the choice, we would recommend using an alternative method.
Text message MFA requests could be quite easily spoofed. If you received a message about accessing an account, even if you haven’t recently signed in, it may start to ring alarm bells and you might be tempted to click a link in the phishing message. If you are concerned that an account has been compromised or somebody is trying to access it, you should instead sign in directly without clicking any links.
So that you don’t fall victim to a phishing attack, we would recommend that you use an authenticator app. These generate a one-time password that is active for a short amount of time, normally 30 seconds. All you’ll have to do is sign into your account as normal, open the app on your phone and enter the code.
If you go for Microsoft Authenticator, you can add extra levels of security to the authenticator app with biometric recognition. That way, if somebody got access to your phone, it will be much harder for them to get into your account.
If you are using Microsoft Authenticator, you’ve even got the option of signing into your account without your password. Simply enter your email address and you’ll get a notification on your phone where you can approve the sign-in.
If you want to find out more about setting up multi-factor authentication for your business, get in touch with ACUTEC today.