Microsoft 365 Guideline

When you sign into your online accounts - a process we call "authentication" - you're proving to the service that you are who you say you are. Traditionally that's been done with a username and a password. Unfortunately, that's not a very good way to do it. Usernames are often easy to discover; sometimes they're just your email address. Since passwords can be hard to remember, people tend to pick simple ones, or use the same password at many different sites.

That's why almost all online services - banks, social media, shopping and yes, Microsoft 365 too - have added a way for your accounts to be more secure. You may hear it called "Two-Step Verification" or "Multifactor Authentication" but the good ones all operate off the same principle. When you sign into the account for the first time on a new device or app (like a web browser) you need more than just the username and password. You need a second thing - what we call a second "factor" - to prove who you are.

A factor in authentication is a way of confirming your identity when you try to sign in. For example, a password is one kind of factor, it's a thing you know. The three most common kinds of factors are:

• Something you know - Like a password, or a memorized PIN.

• Something you have - Like a smartphone, or a secure USB key.

• Something you are - Like a fingerprint, or facial recognition.

Let's say you're going to sign into your work or school account, and you enter your username and password. If that's all you need then anybody who knows your username and password can sign in as you from anywhere in the world!

But if you have multifactor authentication enabled, things get more interesting. The first time you sign in on a device or app you enter your username and password as usual, then you get prompted to enter your second factor to verify your identity.

Perhaps you're using the free Microsoft Authenticator app as your second factor. You open the app on your smartphone, it shows you a unique, dynamically created 6-digit number that you type into the site and you're in.

If somebody else tries to sign in as you, however, they'll enter your username and password, and when they get prompted for that second factor they're stuck! Unless they have YOUR smartphone, they have no way of getting that 6-digit number to enter. And the 6-digit number in Microsoft Authenticator changes every 30 seconds, so even if they knew the number you used to sign in yesterday, they're still locked out.

Some people worry that multifactor authentication is going to be really inconvenient, but generally it's only used the first time you sign into an app or device, or the first time you sign in after changing your password. After that you'll just need your primary factor, usually a password, like you do now.

The extra security comes from the fact that somebody trying to break into your account is probably not using your device, so they'll need to have that second factor to get in.

Among those sharing account, please choose one user in the group to set up MFA.
(Note that each users will have to acquire verification code to log in )

You can set up an authenticator app to send a notification to your mobile device or to send you a verification code as your security verification method. You are required to use the Microsoft Authenticator app.

It happens. You left your mobile device at home, and now you can't use your phone to verify who you are. Maybe you previously added an alternative method to sign in to your account, such as through your office phone. If so, you can use this alternative method now. If you never added an alternative verification method, you can contact your organization's Help desk for assistance.

1. Sign in to your account but select the Sign in another way link on the Two-factor verification page.
   
   

2. If you don't see the Sign in another way link, it means that you haven't set up any other verification methods. You'll have to contact your administrator for help signing into your account.

3. Choose your alternative verification method, and continue with the two-step verification process.

If you've lost or had your mobile device stolen, you can take either of the following actions:

• Sign in using a different method.

• Ask your M365 Team's help to clear your settings.

The Help desk can make the appropriate updates to your account. After your settings are cleared, you'll be prompted to register for two-factor verification the next time you sign in.

Azure MFA detects unusual activity like repeated sign-in attempts, and may prevent additional attempts to counter security threats. If you've mistakenly made many sign-in attempts, wait until you can try again, or use a different MFA method for sign-in. If you suspect someone else is trying to access your account, contact your administrator. The error could be caused by malicious activity, misconfigured MFA settings, or other factors.

Not receiving your verification code is a common problem. The problem is typically related to your mobile device and its settings. Here are some suggestions that you can try.

• Use the Microsoft authenticator app or Verification codes

• Restart your mobile device

• Verify that your security information is correct

• Verify that your notifications are turned on

• Make sure you have a device signal and Internet connection

• Turn off Do not disturb

You sign in to your work or school account by using your user name and password. Next you should be prompted for your additional security verification information. If you are not prompted, maybe you haven't yet set up your device. Your mobile device must be set up to work with your specific additional security verification method.

Maybe you haven't set up your device yet. Your mobile device has to be set up to work with your specific additional security verification method. For the steps to make your mobile device available to use with your verification method, see Manage your two-factor verification method settings. If you know that you haven't set up your device or your account yet, you can follow the steps in the Set up my account for two-step verification article.

If you have a new phone number, you'll need to update your security verification method details. This enables your verification prompts to go to the right location.

You can add new phone numbers, or update existing numbers, from the Additional security verification page.

If you have a new mobile device, you'll need to set it up to work with two-factor verification. This is a multi-step solution:

1. Set up your device to work with your account by following the steps in the Set up my account for two-step verification article.

2. Update your account and device information in the Additional security verification page. Perform the update by deleting your old device and adding your new one.

Optional steps:

1. Install the Microsoft Authenticator app on your mobile device

2. Turn on two-factor verification for your trusted devices

You might find it more difficult to use a mobile device-related verification method, like a text messaging, while you're in an international location. It's also possible that your mobile device can cause you to incur roaming charges. For this situation, we recommend you use the Microsoft Authenticator app, with the option to connect to a Wi-Fi hot spot.

No additional charges will be applied.