🔒 How to Set Up Multi-Factor Authentication (MFA) in Microsoft 365
🔒

How to Set Up Multi-Factor Authentication (MFA) in Microsoft 365

Category: Microsoft 365 · Audience: Client & Internal · Updated: March 2026

Protect your account with a second layer of verification. This guide covers Microsoft Authenticator setup, backup methods, and common issues.

What Is MFA and Why Does It Matter?

Multi-factor authentication adds a second verification step when signing in — typically a code or approval from your phone. Even if your password is stolen, MFA stops attackers from accessing your account. It's one of the most effective protections available and is a core recommendation of the ACSC Essential Eight.

Good to know: MFA only prompts once per device if you select "Don't ask again for 14 days" — it doesn't interrupt your workflow every time you sign in.

What You'll Need

Before starting, make sure you have your smartphone nearby (iPhone or Android) and access to your Microsoft 365 account email and password. The setup takes about 5 minutes.

Step-by-Step Setup

Part 1 — Install Microsoft Authenticator

  1. Download Microsoft Authenticator — Open the App Store (iPhone) or Google Play Store (Android) and search for "Microsoft Authenticator". Download and install the app.
  2. Open the app and allow notifications — When prompted, allow push notifications. This lets the app send approval requests when you sign in.

Part 2 — Link Your Microsoft 365 Account

  1. Go to the MFA setup page — On your computer, open a browser and go to mysignins.microsoft.com/security-info. Sign in with your work email and password.
  2. Click "Add sign-in method" — Select "Authenticator app" from the dropdown, then click "Add". Follow the on-screen prompts until a QR code appears.
  3. Scan the QR code with the Authenticator app — In the Authenticator app on your phone, tap the "+" icon, choose "Work or school account", then "Scan a QR code". Point your phone camera at the QR code on screen.
  4. Approve the test notification — Microsoft will send a test approval to your phone. Tap "Approve" in the Authenticator app to confirm the link is working.

Tip: Add a phone number as a backup method in case you lose access to the Authenticator app. Go to the same security info page and add "Phone" as a second method.

Common Issues

"I'm not getting the approval notification"

Make sure notifications are enabled for the Authenticator app in your phone settings. If it still doesn't work, open the app manually — pending approvals appear on the home screen. If the request has expired, try signing in again to trigger a new one.

"I got a new phone — how do I move MFA?"

Install the Authenticator app on the new phone, then go to mysignins.microsoft.com/security-info, remove the old device, and re-add the Authenticator app by scanning a new QR code. If you can't sign in at all, contact ATS Systems on 07 3523 3660 and we'll reset your MFA.

"I'm locked out of my account"

If you've lost access to your phone and backup method, call 07 3523 3660. Our team can verify your identity and perform an MFA reset so you can re-register.

⚠ Important: Never approve an MFA request you didn't initiate. If you receive an unexpected approval prompt, deny it and change your password immediately — someone may have your credentials.

🔒 Internal Note (Technicians)

To reset a user's MFA, go to Entra ID → Users → select user → Authentication methods → click "Require re-register multifactor authentication". The user will be prompted to set up MFA again on next sign-in. For Conditional Access-managed tenants, check the per-user MFA portal is disabled to avoid conflicts.

Need help? Call 07 3523 3660 or submit a ticket at atssystems.com.au/support/ticket/