These days a simple password isn’t always enough to make sure that someone is who they say they are. There so many ways that passwords can be leaked or stolen:
Malicious software, Phishing, Shoulder surfing, Social engineering
That’s why as a response to the global cyber threat activity, we are making it mandatory for all current and future customers using Microsoft 365 to use 2-step verification aka Multi-Factor-Authentication (MFA) by way of a secondary security code to log in to Microsoft 365 accounts. This will ensure external cyber threat actors cannot compromise your Microsoft 365 accounts and to reduce the chances further of you and your clients being affected by phishing attacks, CEO whaling and email fraud.
What Do I Have To Do?
Once we have enabled the MFA security setting on your account, the next time you log in to any Microsoft 365 application (both installed on your computer and through your web browser), you will be prompted to do the following:
- We recommend using the Microsoft Authenticator app for 2-step verification and you will need to first install it on your mobile phone. Please choose the mobile phone app relevant to you and install it at https://support.office.com/en-gb/.
- On your computer browser visit https://account.activedirectory.windowsazure.com and sign in with your Microsoft 365 work email address and password.
- You will need to choose to use the “Mobile app” and “Receive notifications for verification” to receive the 2-Step verification requests. You can choose SMS if you wish and enter your mobile number but we recommend using the Microsoft Authenticator app, especially if you are already using it for MFA to login to your office workstations remotely. Then click Set up.
- Open the Microsoft Authenticator app on your mobile phone, add a “Work or school account” and with your phone camera scan the QR code that you will see on your screen. If the App asks for camera permission please grant this. An example of the QR code you will see is below, but ensure you scan your QR code on your screen and NOT the one in this article. Once the app displays a six-digit code, click
- It will now ask you to verify your app, click Next again and it will send a test approval to your mobile phone, for you to approve it in the Microsoft Authenticator app. Watch out for the notification and approve it.
- Finally, enter your mobile number and be sure to select the United Kingdom. Then press Next. This is only used as a backup but it’s very useful if you change your phone or lose the app.
That’s it…you is now set up for MFA and have cyber secured your Microsoft 365 account!
What Happens Next?
As your Microsoft 365 account has now been MFA enabled you will have to re-login to Outlook, Office and also any Microsoft 365 apps on your phone, such as Outlook. When prompted enter your usual Microsoft 365 email address and password and then approve the login on your phone using the Microsoft Authenticator app.
This two-step security process will occur when you re-login to Microsoft 365 after 30 days when you attempt to log in from any new device or IP address when your Microsoft 365 password is reset and at any time there is a suspected security or account issue.
If you get stuck with any of the steps, please call our Support Team on 02394 003090 (press option 1) and we will be glad to walk you through the process.