What is Two-Factor Authentication?


2FA/MFA protects an account by adding an extra verifying step during login, typically a one-time use code, that is entered after your username and password. This additional factor prevents a third party from accessing your account even if they know your password. While there are more than a few options out in the wild, Office 365 only supports the following (for now):


Method
Steps after Username / Password login
Author's Rating
Setup and Use
Text message
Microsoft will send you a text message with a numbered code. Enter the code into the box to complete sign-in.
⭐⭐
Provide mobile number to setup
Must enter a six digit code every login
Phone call
Microsoft will call your cell phone with an automated message, press # when prompted to and you'll automatically be signed in.
⭐⭐⭐
Provide mobile or office number to setup
Single press of a button to login
Rolling code
You'll be asked for a six-digit code, open the Microsoft Authenticator app installed on your phone and enter the code displayed

Must install an app to setup
Must enter a six digit code every login
App popup
The Microsoft Authenticator application will pop up asking if you'd like to log in, click yes to be automatically signed in.
⭐⭐⭐
Must install an app to setup
Single click of a button to login


You can change your method at any time, and even use a backup if you lose your phone or accidentally uninstall the app.


What do I need to know?


Well, security is a compromise, and usually one of convenience. While 2FA is enabled on your account you won't be able to just use your password to login to any email application. Outlook 2016 and Outlook Mobile both support 2FA, but older versions of Outlook, Mac Mail, Thunderbird, and Gmail won't accept your password anymore. You'll need to set up a one time use Application password.


An application password is a string of letters and numbers that you use to log into a trusted application ONCE. The good news is even if you change your password in the future, any app using one of these passwords won't need to be re-authenticated. To setup an application password follow this link and login to Office 365. Screenshot below.



For example, to add your email to your iPhone using the Mail app you'd click Create, name your device, and use the password it gives you to login to the Mail app. Once you use this password it can't be used again, but you also won't have to login to that app again. Details.