A couple of weeks ago, I showed you how to set up two-factor authentication (2FA) for Office 365 users. In today’s Ask the Admin, I’ll show you how to do the same thing but for consumer Microsoft Accounts.
Passwords are easily stolen or guessed, so it’s important not to rely on them alone. Multifactor authentication adds one or more factors, in addition to your password, to make it harder to use guessed or stolen credentials. A second factor might be something you have, such as a smartphone or token, along with something you know, like a password.
Enabling 2FA for a Microsoft Account is relatively simple, and a smartphone application, email, or phone number can be used as the second factor. If you are exclusively using Windows and Microsoft apps, you’ll find that enabling 2FA doesn’t cause any application compatibility issues. If you are using apps with your Microsoft Account on other platforms, you might be required to enter app passwords where 2FA isn’t directly supported.
For more information on how to enable 2FA in Office 365, see Enable Multi-Factor Authentication for Office 365 Users on the Petri IT Knowledgebase.
Enable Two-Factor Authentication
Before starting, it’s worth considering Microsoft’s advice about keeping three pieces of security information on your account. That means your contact details should be up to date: once 2FA has been enabled, you will need two contact methods if you forget your password.
In the instructions that follow, I’ll set up 2FA for my Microsoft Account using the Microsoft Authenticator app installed on a Windows 10 Mobile device. The Microsoft Authenticator app provides the most convenient and secure means of using 2FA. You can download the app here for Windows 10 Mobile. For iOS or Android devices, you can find Microsoft Authenticator in the Apple or Google Play stores respectively. The instructions for iOS and Android devices will vary slightly from what follows.
- Go to the security information page for your Microsoft Account here.
- Sign in using your Microsoft Account email and password.
- On the Security settings page, make sure that you have three or more pieces of security info configured below the heading “Security info helps to keep your account secure.”
If you need to add a phone number or alternate email address, click Add security info and fill out the required information. You’ll need to verify the number or address you provide.
- Under Two-step verification, click Set up two-step verification.
- On the Set up two-step verification screen, click Next.
- On the Setting up an identity verification app screen, click the device on which you will install a verification app, and then Next.
- Now open the Microsoft Authenticator app on your chosen device, and select + Add account from the hamburger menu in the top left.
- On the What kind of account are you adding? screen, click Personal account.
- On the Choose an account screen, click the Microsoft Account that you are configuring for 2FA.
- Verify your PIN or gesture if Windows Hello is enabled.
- Your Microsoft Account will now appear in the list of accounts in the Microsoft Authenticator app.
If you’re not using Windows Phone, you’ll be prompted to scan a barcode on the Set up the Microsoft Authenticator app screen.
- Click Skip at the bottom of the Set up the Microsoft Authenticator app screen.
- Go back to the security information page for your Microsoft Account here.
- Under Two-step verification, click Set up two-step verification again.
- On the Two-step verification is turned on screen, make a note of your recovery code or print it out, and then click Next.
- You’ll be prompted to set up app passwords for Windows Phone 8.1. If you’re using Windows 10 Mobile, you can skip this step and click Done.
- Click Finish to complete the process.
2FA is now enabled for your Microsoft Account. On trusted devices, you won’t be required to provide a second factor when logging in. On all other devices, you will need to use the second factor when signing in.