
Securing Microsoft Accounts

This step-by-step guide shows you how to secure your Microsoft account with the use of multi-factor authentication (MFA), also known as two-step verification for Microsoft accounts.

There are a variety of apps you might use with your Microsoft account. Some examples include Outlook, Microsoft 365, Microsoft Office, OneDrive, Skype, Teams, Xbox and signing in to Windows devices.

For more information on additional security features please visit Microsoft’s website.

Multi-factor authentication

What is MFA?

Multi-factor authentication or MFA is a way to improve the security of your most important accounts. It requires you to produce a combination of two or more of the following authentication types before granting access to an account:

  • something you know (e.g. a PIN, password or passphrase);
  • something you have (e.g. a smartcard, physical token, authenticator app, SMS or email); and
  • something you are (e.g. a fingerprint, facial recognition or iris scan).

Two-factor authentication (2FA) is the most common type of MFA, requiring two different authentication types.

Why is it important to turn MFA on?

MFA makes it harder for cybercriminals to gain initial access to your account by adding more layers of authentication, requiring extra time, effort and resources to break. Think of adding MFA to your account like adding a locked security screen to your home. It provides you with an extra layer of protection from criminals trying to break in.

How do I turn MFA on?

How to turn on MFA depends on the software or service you are using. However, the steps are somewhat similar for most applications. Icons and language may differ slightly depending on the software or device you are using.

Turn on MFA for your Microsoft Account

These steps will show you how to turn on MFA for your Microsoft Account.

After you turn on MFA, you’ll need both your password and an additional authentication method to log in to your Microsoft account. This could be a security code from an authenticator app, SMS, or phone call. Alternatively, you could get a notification in the Microsoft Authenticator app on your smartphone.

MFA makes it harder for cybercriminals to access your account and it could also alert you to any suspicious activity. This means if your password is guessed or stolen and a cybercriminal tries to log in to your account, you will be sent a security code or notification. They will be unable to log in because they won’t have the security code, or, if you use the Microsoft Authenticator app, you can deny them entry. You can then change your password to secure your account. If you don’t have MFA turned on, you may not get notifications on attempts to log in to your account.

This guide will show you how to set up MFA for your Microsoft Account on your computer. If you don’t have access to a computer you can follow these steps on any device, however some screens may appear different than pictured.


1. Open an internet browser (for example Google Chrome, Microsoft Edge, Mozilla Firefox or Opera). Go to the Microsoft Office website and select Sign in in the top right corner.

Securing Microsoft Accounts - Step 1

2. Enter your sign-in information and select Next, then enter your passphrase and select Sign in.

Securing Microsoft Accounts - Step 2

3. Select your account profile icon or picture in the top right of the screen and select My Microsoft Account.

Securing Microsoft Accounts - Step 3

4. Select Security in the top banner.

Securing Microsoft Accounts - Step 4

5. Select Two-step verification. If you don’t already have a recovery method for your account (such as an alternate email address or phone number) you will now be prompted to set one up.

A recovery method can help you get back into your account if you lose access.

Follow the on-screen prompts to set up a recovery method.

Securing Microsoft Accounts - Step 5

You may see a prompt about setting up a feature to ‘sign in without a password’. This is a feature offered by Microsoft and an alternative to setting up your account with a password. For more information, see Microsoft’s official website.


6. Select Manage under ‘Two-step verification’.

Securing Microsoft Accounts - Step 6

7. Read the information and select Next.

Securing Microsoft Accounts - Step 7

8. Select which method of MFA you would like to use. The ACSC recommends using an authenticator app on your smartphone.

Securing Microsoft Accounts - Step 8

9. If you don’t have one already, install an authenticator app on your smartphone by going to the App Store or Google Play Store, installing your chosen authenticator app and then following the prompts to set up the app. Microsoft recommends the Microsoft Authenticator app pictured below.

Securing Microsoft Accounts - Step 9

10. Once you have your authenticator app installed and set up, select Next.

Securing Microsoft Accounts - Step 10

11. Open the authenticator app on your smartphone and scan the QR code.

Enter the code generated by the app and select Next.

Store your recovery code in a secure place and create a backup of it in a secondary place. This will help you access your account if you lose access to your authenticator app. Select Next.

Securing Microsoft Accounts - Step 11

12. If you have an app or smartphone that needs an app password, follow the on-screen prompts for your device. Most modern smartphones and apps accept security codes, so an app password won’t be necessary. Select Next if you do not require an app password.

Securing Microsoft Accounts - Step 12

13. If you have an older device or application that cannot accept a security code (for example an Xbox 360 or Microsoft Office 2010 or earlier) you can create an app password. Follow the on-screen prompts to learn more about app passwords. If you do not require an app password, select Finish.

Securing Microsoft Accounts - Step 13

14. On your security dashboard, check that two-step verification is now turned on.

Securing Microsoft Accounts - Step 14

If you replace your smartphone, remember to move your authenticator app to the new device by using the backup and recovery feature.

 

Security tips for securing your Microsoft account

We have included some additional security tips to help keep your account secure.
