Help Me Enable MFA

Why MFA Matters

Multi-factor authentication (MFA) adds a second verification step beyond your password, reducing account compromise risk by over 99%. Even if your password is stolen, MFA helps keep your account secure.

Choose Your MFA Method

Mobile Authenticator App

How It Works
  • Generates time-based codes every 30 seconds
  • Push notifications for instant approval
  • Works offline once set up
  • Free Microsoft Authenticator app
Best For

Most users who have a smartphone and want convenient, secure access.

YubiKey Hardware Token

Requires pre-approval and additional hardware.

How It Works
  • Physical USB/NFC security key
  • Touch the key to authenticate
  • Works across all devices and browsers
  • Most secure authentication method
Best For

Users who want maximum security, share computers, or have compliance requirements.

Not sure which to choose? The Mobile Authenticator is a great fit for most users—it's free, convenient, and very secure. YubiKey provides the highest level of security and is ideal for administrators or executives.

iPhone / iPad Setup

Step 1: Download Microsoft Authenticator

Open the App Store and search for "Microsoft Authenticator." Download and install the free app from Microsoft Corporation.

App Store showing Microsoft Authenticator

Step 2: Access Your Security Info Page

Open your browser and go to aka.ms/mfasetup (or mysignins.microsoft.com/security-info). Sign in with your work email and password if prompted.

Microsoft 365 login page

Step 3: Add Sign-in Method

On the Security Info page, click "Add sign-in method". From the dropdown, select "Authenticator app" and click "Add".

Add sign-in method screen

Click "Add sign-in method" to begin

Step 4: Start Setup Wizard

Click "Next" on the wizard screen. Microsoft will display a QR code you'll use to link your account to the Authenticator app.

Setup wizard with QR code

The setup wizard will guide you through

Step 5: Scan QR Code

Open Microsoft Authenticator on your device, tap the "+" button in the top right, select "Work or school account", then tap "Scan QR code" and point your camera at the QR code on your computer screen.

Authenticator QR code scanning

Scan the QR code with your phone

Step 6: Complete and Test

After scanning, click "Next" on your computer. You'll receive a test notification in the Authenticator app. Tap "Approve" to verify the setup.

Once approved, your Microsoft Authenticator is ready to use. You'll use it to approve sign-in requests going forward.

Approve test notification

Approve the test notification

Tips
  • Enable biometric authentication in the app for faster approvals.
  • The app works without internet connection once the initial setup is complete.

Android Setup

Step 1: Download Microsoft Authenticator

Open the Google Play Store and search for "Microsoft Authenticator." Download and install the free app from Microsoft Corporation.

Play Store showing Microsoft Authenticator

Search for Microsoft Authenticator

Step 2: Access Your Security Info Page

Open your browser and go to aka.ms/mfasetup (or mysignins.microsoft.com/security-info). Sign in with your work email and password if prompted.

Microsoft 365 login page

Step 3: Add Sign-in Method

On the Security Info page, tap "Add sign-in method". From the dropdown, select "Authenticator app" and tap "Add".

Add sign-in method screen

Select Authenticator app method

Step 4: Start Setup Wizard

Tap "Next" on the wizard screen. Microsoft will display a QR code you'll use to link your account to the Authenticator app.

Setup wizard displays QR code

Setup wizard displays QR code

Step 5: Scan QR Code

Open Microsoft Authenticator on your Android device, tap the "+" button, select "Work or school account", then tap "Scan QR code" and scan the QR code on your screen.

Authenticator account setup

Point your camera at the QR code

Step 6: Complete and Test

After scanning, tap "Next" on your device. You'll receive a test notification in the Authenticator app. Tap "Approve" to verify the setup.

Once approved, your Microsoft Authenticator is configured and ready to use.

Approve test notification

Approve the test notification

Tips
  • Register a backup phone number for account recovery.
  • Enable fingerprint or face unlock in the app for quick access.
  • The app generates codes offline after initial setup.

YubiKey Setup

Before You Begin

Ensure you have a YubiKey 5 series (5 NFC, 5C, 5Ci, etc.) or YubiKey Security Key series. These support FIDO2/WebAuthn, which is required for Microsoft 365.

Note: Older YubiKey models (YubiKey 4 and earlier) do not support FIDO2 and will not work with this setup.

Step 1: Access Security Info Page

Go to aka.ms/mfasetup (or mysignins.microsoft.com/security-info) and sign in with your work credentials.

Microsoft Security Info page

Step 2: Add Security Key Method

Click "Add sign-in method", select "Security key" from the dropdown, and click "Add".

Note: Make sure to select "Security key" (for FIDO2 devices like YubiKey), not "Hardware token" (which is for different OATH TOTP devices).

Security key option in dropdown

Select "Security key" from the dropdown

Step 3: Choose How to Connect

You'll be asked how you want to connect your YubiKey:

  • USB device — plug it into a USB port
  • NFC device — tap it on your device

Choose the method you're using now and click "Next". If your YubiKey supports both, you can use either method after setup.

Choose USB or NFC

Choose USB or NFC

Step 4: Insert and Activate Your YubiKey

Insert your YubiKey into a USB port (or tap it on an NFC reader). Your browser will prompt you to activate your security key.

First-time setup: You'll create a PIN for your YubiKey. Choose a strong PIN you'll remember—you'll need it every time you sign in.

Touch the gold sensor on your YubiKey when prompted to complete registration.

Create PIN for YubiKey

Create your PIN and touch the key

Step 5: Name Your YubiKey

Give your YubiKey a recognizable name (e.g., "Office YubiKey" or "Primary Security Key"). Click "Next" to complete setup.

Name your security key

Name your security key

Step 6: Test Your YubiKey

Test by signing into Microsoft 365. You can use your YubiKey as a second factor with your password, or for completely passwordless sign-in.

  1. Sign out of Microsoft 365 (or open a private browser window)
  2. Go to office.com
Microsoft 365 sign-in page

Microsoft 365 sign-in page

Step 6a: Select "Sign in with a security key"

Click "Sign-in options" below the password field, then select "Sign in with a security key". This lets you sign in without typing your password.

Sign in with security key option

Select "Sign in with a security key"

Step 6b: Insert Your YubiKey

When prompted, insert your YubiKey into a USB port (or tap it if using NFC). Your browser will detect the security key.

Browser prompts for security key

Step 6c: Enter Your PIN

Enter the PIN you created during setup. This confirms you're authorized to use this YubiKey.

Enter security key PIN

Enter your security key PIN

Step 6d: Touch Your YubiKey

Touch the gold sensor on your YubiKey when it starts blinking. This confirms you're physically present with the key.

Touch the YubiKey sensor

Touch the YubiKey sensor

Step 6e: Select Your Account

If you have multiple accounts registered on your YubiKey, select your work account. This step only appears if the same key is registered with more than one Microsoft account.

Choose your account (if applicable)

Step 6f: You're Signed In

You've signed in using your YubiKey without entering a password. Your account is now protected by phishing-resistant, passwordless authentication.

You logged into Microsoft 365 using only your YubiKey and PIN—no username or password required. This makes your account significantly more secure against phishing attacks.

Successfully signed in

YubiKey Tips
  • Register a backup YubiKey in case you lose your primary one.
  • Store your backup securely in a different location from your primary key.
  • Remember your PIN—keep it stored securely, separate from your YubiKey.
  • Add a backup phone method as an additional MFA option for redundancy.
  • Cross-platform—your YubiKey works across Windows, Mac, iOS, and Android.
  • NFC support—if your YubiKey supports NFC, you can tap it on your phone or laptop.

Need Help?

If you run into any issues during setup, our IT support team is ready to help.

Submit a Support Request