Using Two-Factor Authentication with Office 365

Back in the 90’s and 00’s, using encrypted e-mail and 2FA to secure systems were stigmatized as something only hackers and paranoid people used.

Increasingly, encrypted e-mail and Two-Factor Authentication (2FA), also called Multi-Factor Authentication (MFA) by Microsoft, has become more common, and more necessary.

I would document the process to enable and use 2FA for Office 365, but there’s a problem: Microsoft is continuously updating O365, so the steps and setting names this month may not be the same when you read these words. Instead, I will link to Microsoft’s documentation (and hope they keep the URL’s the same).

The pages I feel are most useful are Documentation for Administrators to set up the system, and Documentation for End Users on what to expect and how to set their authentication method(s).

In practice, enabling 2FA is pretty straightforward, but the initial user experience can be bumpy. While documentation says Office 2016 does not require an app password, that’s not correct. The morning after I enabled this on my account, upon login I was prompted for credentials when opening both the Office 365 versions of Skype for Business and Outlook.