Setting Up Multi-Factor Authentication (Microsoft 365)

What Is MFA and Why Do You Need It?

Multi-Factor Authentication (MFA) means that signing in requires two things: something you know (your password) and something you have (usually your phone). Even if someone steals a password, they still cannot get in without the second factor.

MFA blocks over 99% of automated attacks on accounts. It is the single most effective thing you can do to protect your business. Microsoft now enables it by default on new tenants, but older tenants may not have it turned on.

How to Enable MFA for Your Users

Step 1: Check your current MFA status

  • Sign in to admin.microsoft.com.
  • Go to Settings > Org settings > Security & privacy > Multifactor authentication.
  • Alternatively, search for ‘MFA’ in the admin centre search bar.
  • Check whether security defaults or per-user MFA is currently enabled.

Step 2: Enable Security Defaults (simplest option)

  • For most small businesses, Security Defaults is the easiest way to enforce MFA for everyone.
  • Go to the Microsoft Entra admin centre (entra.microsoft.com).
  • Click Identity > Overview > Properties.
  • At the bottom, click Manage security defaults.
  • Set Security defaults to Enabled and click Save.
  • This will require all users to register for MFA within 14 days.

Step 3: Tell your team what to expect

  • Once enabled, each user will be prompted to set up MFA the next time they sign in.
  • They will need to download the Microsoft Authenticator app on their phone (available free from the App Store or Google Play).
  • Share the user instructions below with your team before you enable MFA, so nobody is caught off guard.
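
If you prefer a script to the portal for the Step 1 check, and want to see who has still not registered during the 14-day window after Step 2, the read-only audit below is one way to do it. It is an added example, not part of the original guide or Microsoft's own code. It assumes the Microsoft Graph PowerShell SDK is installed and that your account holds a role that can read the policy and the report (for example Security Reader). The registration report may not be available on every licence tier, so the script handles that case. The output file name is a placeholder.

```powershell
# Added example: read-only audit of Security Defaults and MFA registration.
# Assumes the Microsoft Graph PowerShell SDK is installed:
#   Install-Module Microsoft.Graph -Scope CurrentUser
# Nothing in this script changes tenant settings.

Connect-MgGraph -Scopes 'Policy.Read.All', 'AuditLog.Read.All'

# Step 1 equivalent: is Security Defaults turned on for this tenant?
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($policy.IsEnabled) {
    Write-Host 'Security defaults: ENABLED'
} else {
    Write-Warning 'Security defaults: DISABLED. Check whether per-user MFA covers your users instead.'
}

# After Step 2: pull the per-user registration report.
try {
    $details = Get-MgReportAuthenticationMethodUserRegistrationDetail -All -ErrorAction Stop
} catch {
    # Typical causes: missing role, missing consent, or a licence tier without this report.
    Write-Warning "Registration report unavailable: $($_.Exception.Message)"
    Disconnect-MgGraph | Out-Null
    return
}

# Users who have not registered any MFA method yet, admins listed first
# because an unprotected admin account is the highest-risk gap.
$pending = $details |
    Where-Object { -not $_.IsMfaRegistered } |
    Sort-Object @{ Expression = 'IsAdmin'; Descending = $true }, UserPrincipalName

$total = @($details).Count
$left  = @($pending).Count
Write-Host "$left of $total accounts have not registered for MFA."

if ($left -gt 0) {
    $pending |
        Select-Object UserDisplayName, UserPrincipalName, IsAdmin |
        Format-Table -AutoSize

    # Placeholder file name: keep the list so you can chase people up before the deadline.
    $pending |
        Select-Object UserDisplayName, UserPrincipalName, IsAdmin |
        Export-Csv -Path .\mfa-pending.csv -NoTypeInformation
}

Disconnect-MgGraph | Out-Null
```

Run it again a few days after enabling Security Defaults; the count should fall as your team completes the setup described below.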

Instructions to Share With Your Team

  • Download the Microsoft Authenticator app on your phone from the App Store (iPhone) or Google Play (Android).
  • When you next sign in at office.com, follow the on-screen prompts. It will ask you to open the Authenticator app and scan a QR code.
  • Once linked, every time you sign in from a new device or location, you will get a notification on your phone asking you to approve the sign-in.
  • This takes about two minutes to set up and only a couple of seconds each time you sign in after that.

Here is what you can tell (or forward to) your staff:

Next time you sign in to your work email or Microsoft 365, you will be asked to set up an extra security step. This is to protect your account and our business. Here is what to do: