Multi-Factor Authentication for Microsoft 365
Following industry best practice, we recommend that Multi-Factor Authentication (MFA) be enabled for all Microsoft 365 users.
What is MFA
Multi-factor authentication (MFA) is a security mechanism that requires an individual to provide two or more credentials in order to authenticate their identity. These credentials can take the form of passwords, push notifications, hardware tokens, numerical codes, biometrics, time, and location.
By adding one or more simple steps to authenticate your employees before they access your company data, the majority of cyberattacks never prove successful. The Microsoft Authenticator app maintains the security of MFA but gives you back your time. It works on both iOS and Android devices.
Login requests for new devices or unrecognised locations can be simply approved by the end-user on their mobile devices.
Why Have Multi-Factor Authentication (MFA)?
Cybercriminals have more than 10 billion stolen credentials to choose from. When they choose yours, they could take over your account, email system, and more.
Multi-factor authentication is important, as it makes stealing your information harder for the average criminal. The less enticing your data, the more likely that thieves will choose someone else to target.
As the name implies, MFA blends at least two separate factors. One is typically your username and password, which is something you know. The other could be:
- Something you have. A cellphone, keycard, or USB could all verify your identity.
Adding this secondary factor to your username/password protects your privacy. And it’s remarkably easy for most people to set up.
MFA is recommended by both Microsoft and the New Zealand Government’s Computer Emergency Response Team (CERT NZ): https://www.cert.govt.nz/it-specialists/guides/securing-access-to-microsoft-365/
How it works when you sign in
You will be asked to approve the login using the Microsoft Authenticator app on your phone.
Step-by-Step to enable MFA
Before we begin, you or your IT team must have enabled MFA on your Microsoft 365 tenant.
- On your computer
- Log in at https://aka.ms/mfasetup using your preferred browser, such as Google Chrome
- Click on “Sign In” and enter your login details
- The following screen will appear asking you to provide additional information:
- Press “Next”
- The Microsoft MFA wizard will now take you through the enrolment process
- You can download the “Microsoft Authenticator” App on your phone for free.
- Once you have downloaded the app, open the app and choose to Add new account (do not sign in to an existing account)
- Choose Work or School Account
- You should now have the option to Scan a QR Code
- Please make sure you allow the Microsoft Authenticator app to use your camera (if asked, this is to scan the QR code). If the app cannot use the camera, you will not be able to complete the setup correctly. Once the app is installed, you will need to set up your account to connect to the app.
- Once the app has been registered against your account, you will be asked to validate that it has been set up correctly.
- You will receive a push notification from Microsoft Authenticator on your phone. Press the Approve button to continue.
- Once approved, the setup is complete and you can proceed.
- Press “Next”
- You will be asked to add a backup method in case you lose your phone: the normal MFA via SMS. Enter your mobile phone number, then press “Next”
- You will receive a code on your mobile. Enter it on your computer to validate it. When successful, you will see the following screen: “SMS verified successfully”
- Congratulations! The MFA setup has been completed and your account now has extra security added.