Enable or disable multi-factor authentication
Multi-factor authentication (MFA) prevents unauthorized access to your Microsoft 365 account. MFA requires a verification method, like a code sent to you in a text message, whenever you sign in to your account. If your password is ever compromised, attackers can't duplicate this verification method and are blocked from accessing your account.
The steps in this article work best for individual users. To enable or disable MFA for all users in your organization, manage your security defaults.
Enable multi-factor authentication
Turn on MFA to require adding a verification method for selected users.
- Sign in to Outlook on the web with your Microsoft 365 email address and password.
- After you're signed in, go to the multi-factor authentication page.
Note: If you’re not an admin but try to access the page, you’ll see the error message “You do not have sufficient permission to access this page.”
- To enable MFA for a specific user, select the checkbox next to their display name. quick steps will display on the right.
- Select Enable.
- In the confirmation window, select enable multi-factor auth, and then select close. MFA will be enabled for the selected user.
- Select the checkbox for the same user. Under quick steps, select Enforce.
- Sign in to Outlook on the web with the email account that had MFA enforced. Enter a phone number for your MFA method, and then select Next.
- If you don't want to provide a phone number, use the Microsoft Authenticator app instead.
- After enabling MFA, you'll receive an app password for email clients using basic authentication, like Outlook 2010. Make note of it, and then select Done.
We recommend adding another sign-in method in case you lose access to your primary method.
Disable multi-factor authentication
Turn off MFA to stop requiring a verification method for the selected users. They'll only need their email address and password to sign in.
- Sign in to Outlook on the web with your Microsoft 365 email address and password. If you don't have access to the sign-in method, reset your MFA first.
- After you're signed in, go to the multi-factor authentication page.
- To disable MFA for a specific user, select the checkbox next to their display name. quick steps will display on the right.
- Select Disable.
- In the confirmation window, select yes and then select close. MFA will be disabled for the selected account.
Related steps
- Add or change my multi-factor authentication method
- I can't access my multi-factor authentication method
More info
- When securing your mailbox, you might want to sign out of all devices and reconnect using MFA.
- We also recommend securing your GoDaddy account with 2-step verification.