How to Set Up MFA in Microsoft 365: Step-by-Step Guide

Why Enable MFA in Microsoft 365?

Microsoft 365 is the backbone of most UK businesses — it handles email, file storage, collaboration, and more. That also makes it a prime target for attackers. Compromised Microsoft 365 accounts are one of the most common entry points for business email compromise, data theft, and ransomware.

Enabling multi-factor authentication in Microsoft 365 is one of the fastest, most effective security steps you can take. Microsoft's own data shows MFA prevents over 99.9% of automated attacks on accounts. Best of all, it is included in every Microsoft 365 Business plan at no extra cost.

Before You Start

Before enabling MFA, make sure you have the following in place:

  • Global Administrator access to your Microsoft 365 tenant
  • Microsoft Authenticator app installed on your smartphone (available free on iOS and Android)
  • Staff communication — let your team know MFA is being enabled and what to expect
  • Recovery options — ensure users have a backup verification method (phone number or alternate email)

Method 1: Enable Security Defaults (Simplest)

Security Defaults is Microsoft's recommended approach for organisations that do not need granular conditional access policies. It enables MFA for all users automatically.

  1. Sign in to the Microsoft Entra admin centre at entra.microsoft.com
  2. Navigate to Identity > Overview > Properties
  3. Scroll to the bottom and click Manage security defaults
  4. Set Security defaults to Enabled
  5. Click Save

Once enabled, all users will be prompted to register for MFA the next time they sign in. They will have 14 days to complete registration before it becomes mandatory.

Method 2: Per-User MFA (More Control)

If you need to enable MFA for specific users rather than everyone at once, use the per-user MFA settings:

  1. Sign in to the Microsoft 365 admin centre at admin.microsoft.com
  2. Go to Users > Active users
  3. Click Multi-factor authentication in the top menu bar
  4. Select the users you want to enable MFA for
  5. Click Enable on the right-hand panel
  6. Confirm the action

Selected users will be prompted to set up MFA at their next login.

Method 3: Conditional Access Policies (Advanced)

For businesses with Microsoft 365 Business Premium or Entra ID P1/P2 licences, Conditional Access provides the most flexible MFA deployment:

  1. Sign in to the Microsoft Entra admin centre
  2. Navigate to Protection > Conditional Access > Policies
  3. Click New policy
  4. Name the policy (e.g., "Require MFA for all users")
  5. Under Users, select All users (or specific groups)
  6. Under Target resources, select All cloud apps
  7. Under Grant, select Require multifactor authentication
  8. Set the policy to On and click Create

Conditional Access lets you create nuanced rules — for example, requiring MFA only when users sign in from outside the office network, or when accessing sensitive applications.
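The same "Require MFA for all users" policy from Method 3 can be created with Microsoft Graph PowerShell, which is handy when you manage several tenants or want the policy definition kept in version control. The script below is an added example, not code from the original guide or from Microsoft; it assumes the Microsoft.Graph PowerShell SDK is installed, that the signed-in admin can consent to the listed scopes, and that breakglass@contoso.example is a placeholder for your own emergency-access account. Two deliberate differences from the portal steps: it checks first that Security Defaults are off (Entra does not allow both to be active), and it creates the policy in report-only mode rather than On, so you can review the sign-in logs before switching the state to 'enabled' as step 8 describes.

```powershell
# Added example (not from the original article): create the Method 3 Conditional Access policy
# with Microsoft Graph PowerShell. Assumptions: Microsoft.Graph SDK installed, admin can consent
# to the scopes below, and the break-glass UPN is a placeholder for your emergency-access account.
Import-Module Microsoft.Graph.Identity.SignIns
Import-Module Microsoft.Graph.Users

Connect-MgGraph -Scopes 'Policy.Read.All', 'Policy.ReadWrite.ConditionalAccess', 'User.Read.All'

# Conditional Access and Security Defaults cannot both be active. Stop here if defaults are still on.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($defaults.IsEnabled) {
    throw 'Security Defaults are enabled; turn them off (Method 1, set to Disabled) before creating Conditional Access policies.'
}

# Placeholder: an emergency-access ("break-glass") account is excluded so that a mistake in the
# policy, or an outage of the MFA service, cannot lock every administrator out of the tenant.
$breakGlassUpn = 'breakglass@contoso.example'
$breakGlass = Get-MgUser -Filter "userPrincipalName eq '$breakGlassUpn'" -Property Id
if (-not $breakGlass) { throw "Break-glass account $breakGlassUpn not found" }

$policy = @{
    displayName   = 'Require MFA for all users'
    # Report-only first: sign-in logs show who *would* have been prompted. Switch to 'enabled'
    # (the portal's "On") once the results look right.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        users        = @{
            includeUsers = @('All')                 # step 5: All users
            excludeUsers = @($breakGlass.Id)
        }
        applications = @{
            includeApplications = @('All')          # step 6: All cloud apps
        }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')                  # step 7: Require multifactor authentication
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy '$($created.DisplayName)' (id $($created.Id)) in state $($created.State)"
```

Run it once per tenant from an account that can consent to the Conditional Access scopes. Leaving the policy in report-only for a few days also gives you the grace period recommended in the rollout tips below, without silently blocking anyone.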

Setting Up the Microsoft Authenticator App

Once MFA is enabled, each user needs to register their authentication method. Here is the process using Microsoft Authenticator:

  1. Sign in to Microsoft 365 as normal
  2. When prompted, click Next to begin MFA setup
  3. Select Mobile app as the verification method
  4. Choose Receive notifications for verification
  5. Open the Microsoft Authenticator app on your phone
  6. Tap the + icon and select Work or school account
  7. Scan the QR code displayed on screen
  8. Approve the test notification sent to your phone
  9. Click Done

From now on, each login will require approval via the Authenticator app in addition to the password.

Tips for a Smooth MFA Rollout

Rolling out MFA across a business does not have to be disruptive. Follow these tips for a seamless experience:

  • Communicate early — Send an email explaining what MFA is, why it matters, and what staff need to do
  • Provide a guide — Share a short step-by-step document or video for setting up the Authenticator app
  • Roll out in phases — Start with IT and management, then expand to the wider team
  • Set backup methods — Ensure every user has at least two verification methods configured
  • Allow a grace period — Give users a few days to register before enforcement kicks in
  • Test with a pilot group — Iron out any issues before the company-wide rollout
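The "set backup methods" and "roll out in phases" tips are much easier to act on when you can see who has registered what. The script below is an added example, not part of the original guide; it assumes the Microsoft.Graph.Reports module is installed, that the admin can consent to the listed scopes, and that the CSV path is a placeholder. The Get-IndependentMethodCount helper is my own addition: it treats the Authenticator app's push and one-time-code entries as a single method, because both live on the same phone and neither helps when that phone is lost.

```powershell
# Added example (not from the original article): report who has not registered MFA and who has
# no independent backup method, using the Entra registration-details report via Graph PowerShell.
# Assumptions: Microsoft.Graph.Reports installed, admin can consent to the scopes below,
# and the CSV path is a placeholder.
Import-Module Microsoft.Graph.Reports

Connect-MgGraph -Scopes 'AuditLog.Read.All', 'UserAuthenticationMethod.Read.All'

function Get-IndependentMethodCount {
    param([string[]] $Methods)
    # Push approval and the app's one-time code both come from the same Authenticator install,
    # so they are collapsed into one bucket; a phone number or FIDO2 key counts separately.
    $authenticatorApp = @('microsoftAuthenticatorPush', 'softwareOneTimePasscode')
    $buckets = foreach ($m in $Methods) {
        if ($m -eq 'password') { continue }
        if ($authenticatorApp -contains $m) { 'authenticatorApp' } else { $m }
    }
    return @($buckets | Select-Object -Unique).Count
}

# One row per user: IsMfaRegistered, IsMfaCapable, DefaultMfaMethod and the list of MethodsRegistered.
$details = @(Get-MgReportAuthenticationMethodUserRegistrationDetail -All)

$notRegistered = @($details | Where-Object { -not $_.IsMfaRegistered })
$noBackup      = @($details | Where-Object {
    $_.IsMfaRegistered -and (Get-IndependentMethodCount -Methods $_.MethodsRegistered) -lt 2
})

'{0} of {1} users have not registered MFA yet' -f $notRegistered.Count, $details.Count
'{0} users are registered but have no independent backup method' -f $noBackup.Count

# Worklist for the rollout team (placeholder path): chase the first group, then the second.
$details |
    Select-Object UserPrincipalName, IsMfaRegistered, IsMfaCapable, DefaultMfaMethod,
                  @{ n = 'Methods'; e = { $_.MethodsRegistered -join ';' } } |
    Export-Csv -Path '.\mfa-registration-status.csv' -NoTypeInformation
```

Re-run it at the end of each rollout phase; the "not registered" count should reach zero before you move a group from the grace period to enforcement.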

Troubleshooting Common Issues

Even with careful planning, some users may encounter issues:

  • Lost phone — Admins can reset a user's MFA registration from the Microsoft 365 admin centre so they can re-register with a new device
  • App not receiving notifications — Ensure the phone has an internet connection and that notifications are enabled for the Authenticator app
  • Locked out — If a user cannot access any verification method, an admin can temporarily disable MFA for that account or generate a temporary access pass
  • Legacy apps — Some older email clients do not support MFA. You may need to create app passwords or migrate to modern clients
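The "lost phone" and "locked out" cases above can be handled without touching the portal. The function below is an added example, not from the original guide or from Microsoft; it assumes the Microsoft.Graph.Identity.SignIns module, that the admin can consent to the UserAuthenticationMethod.ReadWrite.All scope, that the Temporary Access Pass method is enabled in the tenant's authentication method policy, and that jane.doe@contoso.example is a placeholder. It lists what the user has registered, removes the stale Authenticator registration, and issues a single-use Temporary Access Pass so they can sign in from the new device and re-register.

```powershell
# Added example (not from the original article): recover a user who lost their phone by removing the
# old Authenticator registration and issuing a one-time Temporary Access Pass (TAP).
# Assumptions: Microsoft.Graph.Identity.SignIns installed, admin can consent to the scope below,
# the TAP method is enabled for the tenant, and the UPN at the bottom is a placeholder.
Import-Module Microsoft.Graph.Identity.SignIns

Connect-MgGraph -Scopes 'UserAuthenticationMethod.ReadWrite.All'

function Reset-LostPhoneMfa {
    param(
        [Parameter(Mandatory)] [string] $UserPrincipalName,
        [int] $PassLifetimeMinutes = 60
    )

    # 1. Show everything currently registered so the admin can see what the account still has
    #    (phone number, alternate email, FIDO2 key) before anything is removed.
    'Registered methods before reset:'
    Get-MgUserAuthenticationMethod -UserId $UserPrincipalName |
        ForEach-Object { '  {0}  {1}' -f $_.AdditionalProperties['@odata.type'], $_.Id }

    # 2. Remove every Authenticator app registration; the user re-adds the app on the new phone.
    Get-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $UserPrincipalName |
        ForEach-Object {
            "Removing Authenticator registration '$($_.DisplayName)'"
            Remove-MgUserAuthenticationMicrosoftAuthenticatorMethod -UserId $UserPrincipalName `
                -MicrosoftAuthenticatorAuthenticationMethodId $_.Id
        }

    # 3. Issue a single-use, short-lived TAP instead of disabling MFA on the account, so the user
    #    is never left protected by password alone. Confirm the request came from the user
    #    (call back on a known number, or in person) before handing the pass over.
    $tap = New-MgUserAuthenticationTemporaryAccessPassMethod -UserId $UserPrincipalName -BodyParameter @{
        lifetimeInMinutes = $PassLifetimeMinutes
        isUsableOnce      = $true
    }
    return $tap.TemporaryAccessPass
}

# Placeholder UPN. The pass is returned once and cannot be retrieved again.
Reset-LostPhoneMfa -UserPrincipalName 'jane.doe@contoso.example'
```

The pass expires after the configured lifetime whether or not it is used, so if the user does not re-register in time, simply run the function again rather than extending the lifetime.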

MFA and Zero Trust

Enabling MFA in Microsoft 365 is a critical step towards a zero trust security posture. Combined with conditional access, device compliance, and identity protection, MFA helps ensure that every access request is verified by more than a password alone.

If you need assistance setting up MFA across your Microsoft 365 environment, a managed IT provider can handle the configuration, user onboarding, and ongoing support.
