Security is always excessive until it’s not enough

Robbie Sinclair

Head of Security, Country Energy, NSW Australia

Two Factor Authentication (2FA)

Two Factor Authentication is an extra layer of security that makes sure a person trying to access an account is who they say they are. A password is ‘something that you know’, but it is also something that other people may know, or that may have been leaked on the dark web. Without 2FA enabled, anyone with your email address and password would be able to access and misuse your mailbox or impersonate you.

Accessing a 2FA enabled resource requires both the password and a second piece of identity provided through ‘something you have’ (a code or device) or ‘something you are’ (iris, fingerprint, or voice). To leverage the better security that 2FA provides, we will be enforcing 2FA across all Microsoft 365 products. 2FA provides a key layer of defense against account hijacking, brute-force logins, shared passwords, and phishing.

 

 

How do I enable Microsoft 365 2FA on my user account?

The instructions below show you how to enable Office 365 two factor authentication (2FA) and how to use the Microsoft Authenticator app for 2FA.

You will need your:

Company Email Address: username@company.ca
Password: Login password for your Office 365 mailbox
Computer: to access your Office 365 mailbox via a web browser
Mobile phone: to host the Authenticator app, and a mobile phone number for additional security purposes

 

These instructions take you through the following steps. It is important that all of these steps are followed. (Estimated time: 5 minutes)

 


Step 1 – Download Microsoft Authenticator app to your mobile device

  1. Navigate to your smart phone’s App Store and search for the Microsoft Authenticator app. The search results should show the following app:
    iphone app store
  2. Download the app to your phone.
  3. Once the download is complete, a new icon called Authenticator will appear on your phone.
    Authenticator app icon

 

Step 2 – Access Office 365 user account online

  1. Using your computer, open a browser and navigate to https://login.microsoftonline.com.

  2. Log into Office 365 online with your company email address and password.
  3. Your IT Administrator will already have enabled 2FA on your company user account, so you should receive the following prompt asking you to set up 2FA.
    Set up your Microsoft 365 sign-in for multi-factor authentication
  4. Click on Next.
  5. You will then arrive on the page called Additional Security Verification asking you which security method you would like to use.
    mobile-app-security
  6. Select the option Mobile App from the drop down list, select Use verification code from the list of choices, then click Set up.
  7. Once this has been completed, the message below will be displayed.
    configure mobile app

    This contains the QR Code (black square) which you will need to scan with the Authenticator app downloaded in Step 1 to set up your account.

 

Step 3 – Configure the Microsoft Authenticator App

  1. With your mobile phone in hand, open the Microsoft Authenticator app.
  2. Skip any Intro screens the app may present to you until you get to the Ready to add your first account? screen or similar.
    2fa add account
  3. Select Add account or the “+” icon in the top right corner of the app screen.
  4. Select the option Work or school account.
  5. You may be asked to allow the app to use your phone’s camera. Click OK to allow this.
  6. You will be presented with a screen called Scan QR code with a square camera box in the middle of the screen.
  7. Lift the mobile device so that the QR code on your computer screen sits inside the Scan QR code camera square.
  8. As soon as the Authenticator app has scanned the QR code, the following screen will appear on the computer screen. The Set up button is greyed out and the Next button is highlighted.
    next steps

    On the Authenticator app on your mobile phone a new account will have been created, displaying a set of 6 digits that updates every 30 seconds. This ever-changing number provides the second authentication factor required for 2FA.

  9. Click Next on your computer screen.
  10. You will then be prompted for the six-digit verification code from the Authenticator app. 
    enter verification code

     

  11. Enter the six-digit code displayed in the Authenticator app on your mobile phone and click Verify.
    2FA phone number

     

  12. Select the country from the drop down list and then enter your mobile telephone number. Click Next.

     

Step 4 – IMPORTANT STEP: Save the App Password

 

  1. An Authenticator App password will be presented to you. Please make a note of this and keep it safe. Write it down, or use the copy tool to the right of the password and then paste it into Notepad, so that you can save it to your computer.

    Select Finished when you are sure you have a copy of the password stored.

OUTLOOK ON YOUR PC & MOBILE DEVICE WILL NEED THIS APP PASSWORD WHEN YOU NEXT USE IT

Step 5 – Login to your Office 365 account using 2FA

  1. Open Outlook on your computer and, when prompted, enter your company email address (username) and click Next.
  2. Enter your Windows password (your computer logon password) then click Next.
  3. You will then be prompted to enter the six-digit verification code from the Authenticator app on your phone. Enter the code and your Outlook will run as normal.