Enable or disable multi-factor authentication
Multi-factor authentication (MFA) prevents unauthorized access to your Microsoft 365 account. MFA requires a verification method, like a code sent to you in a text message, whenever you sign in to your account. If your password is ever compromised, attackers can't duplicate this verification method and are blocked from accessing your account.
Enable and enforce multi-factor authentication
To require users to use a sign-in verification method whenever they access their accounts, turn on MFA.
- Sign in to Outlook on the web with your Microsoft 365 email address and password.
- After you're signed in, go to the multi-factor authentication page.
Note: If you’re not an admin but try to access the page, you’ll see the error message “You do not have sufficient permission to access this page.”
- To enable MFA for a specific user, select the checkbox next to their display name. You can select more than one user. quick steps will display on the right.
- Select Enable.
- In the confirmation window, select enable multi-factor auth, and then select close. MFA will be enabled for the selected user(s).
- Select the checkbox for the same user(s). Under quick steps, select Enforce.
- Sign out and then sign back in to Outlook on the web with the email account that had MFA enforced. Enter a phone number for your MFA method, and then select Next.
- If you don't want to provide a phone number, use the Microsoft Authenticator app instead.
- After enabling MFA, you'll receive an app password for email clients using Basic authentication, like Outlook 2010. Make note of it, and then select Done.
You're good to go! MFA has been enabled and enforced for all users. We recommend adding another sign-in method in case you lose access to your primary method.
Disable multi-factor authentication
If you want to stop requiring a verification method for the selected users, you can turn off MFA. Users will only need their email address and password to sign in after MFA is disabled.
- Sign in to Outlook on the web with your Microsoft 365 email address and password. If you don't have access to the sign-in method, reset your MFA first.
- After you're signed in, go to the multi-factor authentication page.
- To disable MFA for a specific user, select the checkbox next to their display name. You can select more than one user. quick steps will display on the right.
- Select Disable.
- In the confirmation window, select yes and then select close. MFA will be disabled for the selected user(s).
Related steps
- Change or delete my multi-factor authentication method
- I can't access my multi-factor authentication method
More info
- To enable MFA for all users in your organization and require additional verification for admins, manage your security defaults.
- When securing your mailbox, you might want to sign out of all devices and reconnect using MFA.
- We also recommend securing your GoDaddy account with 2-step verification.