Using 2-Step / Multi-Factor Authentication is a good way to protect your Office 365 documents and Outlook.com email.
If using a personal Outlook.com account, follow the steps below. To set up 2-Step Authentication for Office 365, you or an administrator must first set your account to allow sign-up for Multi-Factor Authentication; before you:
- Go to account.live.com/proofs/EnableTfa then click More Security Options at the bottom of the page.
- Sign into your Microsoft account. On the next page, click your backup email address, which is partly hidden by asterisks, then type your backup email address, and click Send Code.
- Open your backup email account, find the new email from Microsoft, copy the code from it, and paste it into the Enter Code box on the Microsoft page. Click Verify.
- Click “Set it up Now”. On the ‘How else can we verify you’ page, click Android or iPhone (whichever you have), then click Next.
- Install the Microsoft Authenticator app on your phone, from the Play Store for Android or the App Store, for iPhone. Then open the Authenticator app and sign in with your personal or business email address. On the web page, click Next
- If you get your Office365/Outlook email on your phone: click the type of phone you have: Android, iPhone or Windows.
- On your phone: Change the password used by your email app, to the App Password shown on the page , following the directions on the page if necessary. Then click Next on the web page, then click Finish.
- This App Password is tied to your phone, so it would not be usable if someone tried it online or on another computer.
- On your phone: Change the password used by your email app, to the App Password shown on the page , following the directions on the page if necessary. Then click Next on the web page, then click Finish.
- If you use the Outlook or another email app on your computer or use your account with an Xbox, you can also get specific App Passwords for each device.
- This App Password is tied to your PC or your Xbox, and is not usable if someone tries it online or on another device.
That’s it! From now on, when you log into Office365/Outlook.com on an untrusted PC, you will be able to confirm it’s you, using the Authenticator app on your phone—even if you don’t have cell signal.
Now if someone steals or guesses your password, they still can’t get into your account!
If someone were to steal your PC or phone, while your email would be protected by your phone PIN or password, you can also go to account.live.com/proofs/Manage and click Delete App Passwords, then even if they got into your phone or PC, they wouldn’t be able to get new email or download docs.
Your or an administrator could also remotely erase/wipe your phone, to delete any email/docs etc already on it.