I am going to show how to enable and configure Multi-Factor Authentication for Office 365. Microsoft recently expanded the ability to utilize Multi-Factor Authentication (MFA) to all users, previous it had only been available for Admin users. You can also review the Multi-Factor Authentication guide to assist with you deployment.
To begin with login to the Office 365 Portal with Administrative credentials and navigate to the User and Groups section
Select the ‘Set up’ link for the Set Multi-factor authentication requirements
I Switched the View to Sign-In allowed users, I then selected the Addison McNeill account and client on the Enable link on the right
The shortened Link in the dialog box goes to https://account.activedirectory.windowsazure.com/Proofup.aspx, this allows the user to setup MFA themselves, especially useful for users who do not login via the browser. I then just hit the enable multi-factor auth button.
Update Successful and just hit close
By Selecting the Service Settings area you can choose whether to allow the App Passwords to be used. App Passwords allow for authentication from non-browser clients like Outlook or Lync clients.
Now let’s switch gears and take a look at what the end user experience is.
I enter the username and password (I have DirSync with Password Sync configured in my lab) and click Sign in
Since this is the first time I am logging into Office 365 with this account after setting up MFA, I need to set it up now
I get redirected to the above page to setup MFA. I enter my country and mobile phone number and choose whether I want a call or SMS text message and click next
I then click on verify now to verify the MFA setup with my mobile phone
I receive an SMS text on my phone with the code
Enter the code into the box and click verify
I now have browser based MFA setup, clicking on next will take me to the next step
Now I will generate an app password to use with Outlook
What I have found that at this point it is best to log out and then log back into the https://account.activedirectory.windowsazure.com/Proofup.aspx site. Seems most of the time when I click on generate app password I get an error page.
Now that I have setup MFA, after I enter my Username and Password I am then prompted to enter the new code that I received on my phone via SMS text
Clicking on app Passwords brings me to this screen to create a new app password
Give it a name and click next
I am presented with the app password, I have found just selecting and copying works better than using the copy password to clipboard link, and then I close and have a list of my app passwords
Now I have an app password to use. Let’s go login Outlook. Here is a link to how to use app passwords with various clients, http://technet.microsoft.com/library/en-us/dn270518.aspx#apppasswordchange
When I launch Outlook for my user that already had an Outlook profile setup and set to remember password this is the experience
Outlook launches and brings up a login dialog box with my previously saved password. I switch the saved password to my app password, remember to click Remember my credentials, and click OK
I am then connected to my mailbox. If I close and re-launch Outlook I am not prompted for a password and Outlook connects to my mailbox.
Hope this overview was helpful about setting up MFA!