Prerequisite:
You can use Microsoft Entra ID Protection and risk-based Conditional Access policies with:
- Microsoft 365 E5
- Microsoft Entra ID P2 licenses
Microsoft Multifactor Authentication:
To provide an extra level of security for sign-ins, you must use multifactor authentication (MFA), which combines a password, which should be strong, with an additional verification method based on:
- Something you have with you that isn’t easily duplicated, such as a smart phone.
- Something you uniquely and biologically have, such as your fingerprints, face, or other biometric attribute.
The additional verification method isn’t employed until after the user’s password has been verified. With MFA, even if a strong user password is compromised, the attacker doesn’t have your smart phone or your fingerprint to complete the sign-in.
MFA support in Microsoft 365
By default, both Microsoft 365 and Office 365 support MFA for user accounts using:
- A text message sent to a phone that requires the user to type a verification code.
- A phone call.
- The Microsoft Authenticator smart phone app.
Enable MFA from Admin Center:
- Open Microsoft admin center.
- Select Users > Active users.
- Select any user from the list.
- It will take you to Microsoft Entra admin center.
- Select the users for whom you want to enable MFA.
- Click Enable MFA.
End-user Experience:
- The next time the user tries to log in to com or office.com, they will be required to add MFA.
- Download the Microsoft Authenticator app from the Play Store / App Store.
- After installation, open the QR code scanner in the Microsoft Authenticator app.
- After the QR code is scanned, the user’s account will be added to the Microsoft Authenticator app.
- A 2-digit code will be generated, and a notification will appear on the user’s Android / iOS device.
- The user needs to enter the 2-digit code.
- From now on, whenever the user tries to log in to their account, a 2-digit code will be generated and the user will be required to use the Microsoft Authenticator app to log in.
SMS OTP Authentication:
To enable SMS authentication for an end user:
- Go to the Microsoft Entra admin center.
- In Protection, select Authentication
End-user Experience:
- The next time the user tries to log in to com or office.com, they will be required to add MFA.
- Follow the prompts, and the end user will get an OTP on their cell number.
Note: Every time the user tries to sign in, they will receive an OTP that must be entered to complete the sign-in.
Admin End:
Open Microsoft Entra admin center to verify.
Note: Users who have configured MFA will have their status shown as “enforced”, and those who have not will have their status shown as “enabled”.
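The verification step above can also be done in bulk from PowerShell. The following is an added example, not part of the original article: it summarizes, per user, whether MFA registration is complete and whether the Authenticator app or a phone (text or call) method is registered. The function name `Get-MfaRolloutStatus`, the sample accounts, and the method-name strings are assumptions to check against your own tenant's report output.

```powershell
# Added example, not from the original article.
# Live use (assumes the Microsoft.Graph.Reports module and AuditLog.Read.All consent):
#   Connect-MgGraph -Scopes 'AuditLog.Read.All'
#   Get-MgReportAuthenticationMethodUserRegistrationDetail -All | Get-MfaRolloutStatus

function Get-MfaRolloutStatus {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$Detail
    )
    begin {
        # Assumed method names as they appear in the Graph registration report.
        $phone = 'mobilePhone', 'alternateMobilePhone', 'officePhone'
        $app   = 'microsoftAuthenticatorPush', 'microsoftAuthenticatorPasswordless'
    }
    process {
        $methods = @($Detail.MethodsRegistered)
        [pscustomobject]@{
            User          = $Detail.UserPrincipalName
            MfaRegistered = [bool]$Detail.IsMfaRegistered
            Authenticator = [bool]($methods | Where-Object { $_ -in $app })
            PhoneTextCall = [bool]($methods | Where-Object { $_ -in $phone })
            Methods       = $methods -join ', '
        }
    }
}

# Constructed sample rows (not real accounts) so the function can be tried offline.
$sample = @(
    [pscustomobject]@{ UserPrincipalName = 'alice@contoso.example'
                       IsMfaRegistered   = $true
                       MethodsRegistered = @('microsoftAuthenticatorPush') }
    [pscustomobject]@{ UserPrincipalName = 'bob@contoso.example'
                       IsMfaRegistered   = $true
                       MethodsRegistered = @('mobilePhone') }
    [pscustomobject]@{ UserPrincipalName = 'carol@contoso.example'
                       IsMfaRegistered   = $false
                       MethodsRegistered = @() }
)

$report = $sample | Get-MfaRolloutStatus
$report | Format-Table -AutoSize

# Users who have not completed MFA registration yet:
$report | Where-Object { -not $_.MfaRegistered } | Select-Object -ExpandProperty User
```

The registration report describes what each user has set up; it does not read the “enabled” / “enforced” status column itself, so use it alongside the admin center view rather than in place of it.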