Skip to the main content.
Talk to sales Start for free
Talk to sales Start for free

2 min read

How do I enable 2FA for Microsoft 365?

How do I enable 2FA for Microsoft 365?

Two-factor authentication (2FA) is a layer of email security to prevent hackers from accessing email accounts. Healthcare organizations should seriously consider enabling 2FA as part of your HIPAA compliant email strategy.

Even if a hacker gains access to a password, it's highly unlikely that they will be able to access a second authentication method. It's possible to enable 2FA for Microsoft 365. If you bought it recently, it may already have automatically turned on. But if you need to manually enable 2FA (or multi-factor authentication (MFA) as Microsoft 365 calls it), here are the steps to do so.

SEE ALSO: Is Microsoft 365 HIPAA compliant?


Step 1: Turn off legacy per user MFA


You must be a global admin to enable MFA for all employee email accounts. But before you begin, you'll need to turn off legacy per user if it's enabled. Once you log into the Microsoft 365 admin center, follow these steps to turn off legacy per user:
  • In the left navigation pane, select "Users" and click "Active users."
  • Choose "Multi-factor authentication." 
  • Select each email account and set its multi-factor authentication status to "Disabled."


Turning off the legacy per user allows an administrator to turn on security defaults. 


Step 2: Turn on modern authentication (Only for Office 2013 clients on Windows devices)


Modern authentication may already be enabled, but you will need to verify this to enable MFA. From the Microsoft 365 admin center home page, the steps to turn on modern authentication are:
  • In the left navigation pane, choose "Settings" and then click on "Org settings"
  • Look under the "Services" tab for "Modern authentication" and click on it. 
  • Select "Enable modern authentication" if it's not already on. 
  • Click "Save changes"


Step 3: Turn on security defaults


Security defaults may have already turned on automatically with your subscription, but you'll want to confirm this. Here are the steps you need to take to check your security defaults from the Microsoft 365 admin center home page:
  • In the left navigation pane, choose "Show all." Under "Admin centers," select "Azure Active Directory."
  • On the next page, click "Azure Active Directory" and choose "Properties."
  • Choose "Manage security defaults."
  • Select "Yes" to turn on security defaults. Don't forget to hit save!


This is the last step for administrators. After this, employees are in charge of setting up MFA for their email accounts. 


Step 4: Employees will be prompted to set up MFA when they sign in next


Once an administrator has turned on security defaults, employees will get a prompt to set up MFA the next time they launch Microsoft 365. Employees will choose which authentication method is best for them. The default authentication method is to use the Microsoft authenticator app to receive a one-time code to sign into their email account. If employees don't want to use a verification code generator, they can opt to receive a text message with a one-time code to access their email account.


Choose Paubox for healthcare email security


Paubox Email Suite enables healthcare professionals to send HIPAA compliant email to their patients. Employees can use automatically encrypted emails to directly communicate with patients in their inboxes.  Paubox is simple to use since it can easily integrate into popular email providers like Microsoft 365 . Paubox also requires two-factor authentication to log into the customer admin panel, which gives your email security an extra layer of protection.


Try Paubox Email Suite for FREE today.

Subscribe to Paubox Weekly

Every Friday we'll bring you the most important news from Paubox. Our aim is to make you smarter, faster.