
How to Enable Two-factor Authentication in Office 365: A Guide for MFA

Published By Mohit Kumar Jha
Approved By Admin
Published On May 13th, 2025

Cyber attackers are continuously trying to compromise cloud platforms such as Microsoft 365. The rising number of cybercrimes poses a serious threat to the crucial data hosted in your Microsoft 365 account. Enabling two-factor authentication (MFA) in Office 365 gives you an extra layer of protection. In this step-by-step guide, I explain two ways to set up two-factor authentication in Microsoft 365.

What is Two-Factor Authentication in Office 365?

Two-factor authentication, also known as Multifactor Authentication in Office 365, is a security feature that adds an extra layer of security to your login process. 

Instead of only entering the password, it also requires an additional verification method, which can be a login prompt in the Microsoft Authenticator app, a text message code, or a code via phone call.

This protects the account's integrity and security even if your password is compromised. It is available to all Microsoft 365 and Office 365 users, and can be set up using the Microsoft 365 admin center.

Why Should You Enable MFA in Microsoft 365?

Enabling MFA comes with several security benefits, such as:

  • Enhanced account security – It prevents unauthorised access even if the credentials/passwords are stolen, leaked or compromised. 
  • Compliance – Enabling 2FA also helps in meeting industry security requirements and regulations.
  • Peace of Mind – By setting up two-factor authentication in Office 365, you can reduce the risk of data breaches, phishing attacks, and malware.

Step-by-Step Guide to Enable Two-Factor Authentication in Office 365

Follow the steps below to set up MFA in your organization:

  • Step 1. Navigate to the Office 365 Admin Center (https://admin.microsoft.com/) and sign in with admin credentials.
  • Step 2. In the menu on the left-hand side, select Users and click on Active users.
  • Step 3. At the top of the Active users page, click on Multi-factor authentication.
  • Step 4. You'll see a list of all users. Select the users you want to enable MFA for, or select all users to enable 2FA for everyone.
  • Step 5. Click Enable in the right-hand pane, then confirm your choice.

Setting Up MFA at the User’s End

Once you have enabled multi-factor authentication from the Admin center, users are prompted to set up two-factor authentication the next time they sign in. They can choose any of the following verification methods:

  • Microsoft Authenticator app (recommended for best security)
  • Text message (SMS)
  • Phone call
  • Email verification

How to Use the Microsoft Authenticator App with Office 365?

  • Step 1. Open the App Store or Google Play on your device. Search for the Microsoft Authenticator app. Download and install it on your device.
  • Step 2. Launch the app and configure your Office 365 account. You can set up the account by scanning the QR code provided during the setup.
  • Step 3. Once the setup is complete, each time you sign in, you’ll receive a notification to approve the login in the app.


Enable Two-factor Authentication in Office 365 Using PowerShell

You can enable MFA in Office 365 with PowerShell, using either the legacy MSOnline module or the modern Microsoft Graph PowerShell SDK.

Set Up MFA using Microsoft Graph PowerShell

Step 1. Run the command below to install the latest Microsoft Graph module, which is required for working with users and authentication policies.

Install-Module Microsoft.Graph -Force

Step 2. Connect to Microsoft Graph with the required permission scopes by running the following command.

Connect-MgGraph -Scopes "User.Read.All", "Policy.ReadWrite.AuthenticationMethod"

Step 3. Run the commands below to enable MFA for a single user.

# Replace <user-id> with the actual Entra ID user object ID
$userid = "<user-id>"
$body = @{"perUserMfaState" = "enabled"}
Invoke-MgGraphRequest -Method PATCH -Uri "/beta/users/$userid/authentication/requirements" -Body $body

Executing this command enables MFA for the specified user.

Step 4. Run the commands below to enable MFA for all users in the tenant.

# Fetch every user in the tenant (only the UPN and object ID are needed)
$users = Get-MgUser -All | Select-Object UserPrincipalName, Id

foreach ($user in $users) {
    $userId = $user.Id
    $body = @{"perUserMfaState" = "enabled"}
    # Set the per-user MFA state for this account
    Invoke-MgGraphRequest -Method PATCH -Uri "/beta/users/$userId/authentication/requirements" -Body $body
    Write-Host "Enabling MFA for user: $($user.UserPrincipalName)" -ForegroundColor Green
}

Write-Host "MFA status has been enabled for all users." -ForegroundColor Cyan
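A more cautious rollout of Step 4, shown as an added example that is not part of the original guide: it reads each user's current state first, skips an exclusion list and disabled accounts, changes nothing unless -Apply is passed, and re-reads the state afterwards so failures show up in a report. The function name Set-PerUserMfa, its -ExcludeUpn and -Apply parameters, and the sample UPN are hypothetical; it assumes you are already connected with the scopes from Step 2.

```powershell
# Added example (not from the original guide). Set-PerUserMfa, -ExcludeUpn and
# -Apply are hypothetical names; the endpoint is the one used in Steps 3 and 4.
function Set-PerUserMfa {
    param(
        [string[]]$ExcludeUpn = @(),   # e.g. emergency-access accounts
        [switch]$Apply                 # without this switch nothing is changed
    )
    # AccountEnabled is not returned by default, so request it explicitly.
    $users = Get-MgUser -All -Property Id, UserPrincipalName, AccountEnabled
    foreach ($user in $users) {
        $uri = "/beta/users/$($user.Id)/authentication/requirements"
        $row = [ordered]@{ Upn = $user.UserPrincipalName; Before = $null; After = $null; Note = '' }
        try {
            # Current state is one of: disabled, enabled, enforced
            $row.Before = (Invoke-MgGraphRequest -Method GET -Uri $uri).perUserMfaState
            if ($user.UserPrincipalName -in $ExcludeUpn) {
                $row.Note = 'excluded'
            }
            elseif (-not $user.AccountEnabled) {
                $row.Note = 'account disabled, skipped'
            }
            elseif ($row.Before -ne 'disabled') {
                $row.Note = 'already on'
            }
            elseif ($Apply) {
                $body = @{ perUserMfaState = 'enabled' }
                Invoke-MgGraphRequest -Method PATCH -Uri $uri -Body $body | Out-Null
                $row.Note = 'changed'
            }
            else {
                $row.Note = 'would change (dry run)'
            }
            # Read the state back instead of trusting that the PATCH succeeded.
            $row.After = (Invoke-MgGraphRequest -Method GET -Uri $uri).perUserMfaState
        }
        catch {
            $row.Note = "error: $($_.Exception.Message)"
        }
        [pscustomobject]$row
    }
}

# Dry run first; the UPN below is a constructed placeholder.
$report = Set-PerUserMfa -ExcludeUpn 'breakglass@contoso.example'
# Accounts that still have no per-user MFA after the run
$report | Where-Object { $_.After -notin 'enabled', 'enforced' } | Format-Table -AutoSize
```

Review the dry-run report, then run the function again with -Apply to make the change.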

Troubleshooting Office 365 Two-Factor Authentication Issues

Users sometimes encounter errors while enabling or using MFA. I have listed a few common ones.

  • Did not receive verification code – Make sure your device has an active internet connection, and ensure the correct phone number is entered. You can also try a different authentication method.
  • Authenticator app not working – If the app is not working, update it to the latest version, and also check that the time and date sync is enabled.
  • Lost access to the authentication device – If you have lost access to the registered device, contact your admin to reset the MFA settings.


Wrapping Up

By enabling two-factor authentication in Office 365, you can secure your organisation from cyber threats. Go through the above step-by-step guide and use either of these two methods to implement MFA. Don’t wait for a security breach to happen; enable or set up multi-factor authentication in Microsoft 365, and make it a part of security best practices.