Enable or disable multi-factor authentication
Multi-factor authentication (MFA) adds additional security to your Microsoft 365 accounts by preventing unauthorized access to your email.
Required: You need admin permissions to change MFA settings. For more info, see admin roles from Microsoft.
Enable multi-factor authentication
- Sign in to Outlook on the web with your Microsoft 365 email address and password.
- Once you're signed in, go to the multi-factor authentication page.
- Select the check box next to the user having MFA enabled.
- The quick steps will display on the right. Select Enable.
- In the confirmation window, select enable multi-factor auth, and then close.
- Select the check box for the same user. Then under quick steps, select Enforce.
- Sign in to Outlook on the web using the email account for which MFA was just enforced. You'll need to enter the phone number you want the verification code sent to, and select Next.
Note: You can also use the Microsoft Authenticator app instead of providing a phone number.
- After you've set up MFA, you'll get an app password for email clients that use basic authentication (like Outlook 2010). Make note of this, and select Done.
Disable multi-factor authentication
- Sign in to Outlook on the web with your Microsoft 365 email address and password.
- Once you're signed in, go to the multi-factor authentication page.
- Select the check box next to the user you want to remove MFA from.
- The quick steps will display on the right. Select Disable.
- In the confirmation window, select yes, and then close.
Related steps
More info
- To automatically require MFA for all users in your organization, enable security defaults.
Note: While we link to Azure for this process, our scope of support for Azure Active Directory is limited. We provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.
