Enable or disable multi-factor authentication

Multi-factor authentication (MFA) adds additional security to your Microsoft 365 accounts by preventing unauthorized access to your email.

Enable multi-factor authentication

1. Sign in to Outlook on the web with your Microsoft 365 email address and password.
2. Once you're signed in, go to the multi-factor authentication page.
3. Select the check box next to the user having MFA enabled.
   
4. The quick steps will display on the right. Select Enable.
   
5. In the confirmation window, select enable multi-factor auth, and then close.
6. Select the check box for the same user. Then under quick steps, select Enforce.
   
7. Sign in to Outlook on the web using the email account for which MFA was just enforced. You'll need to enter the phone number you want the verification code sent to, and select Next.
   

   Note: You can also use the Microsoft Authenticator app instead of providing a phone number.

8. After you've set up MFA, you'll get an app password for email clients that use basic authentication (like Outlook 2010). Make note of this, and select Done.

Disable multi-factor authentication

1. Sign in to Outlook on the web with your Microsoft 365 email address and password.
2. Once you're signed in, go to the multi-factor authentication page.
3. Select the check box next to the user you want to remove MFA from.
   
4. The quick steps will display on the right. Select Disable.
   
5. In the confirmation window, select yes, and then close.

More info

• Managing multi-factor authentication
• Managing app passwords

Note: While we link to Azure for this process, our scope of support for Azure Active Directory is limited. We provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products.