I recently blogged about the importance of enabling Multi-Factor Authentication (MFA) for online accounts. Account breaches are now common place and a password alone is not enough to protect your email and other critical information stored in cloud accounts. With MFA enabled, additional information is required to prove your identity at login. This second factor is something you have and is generally implemented through use of an authenticator app on your mobile phone or via an SMS code. An authenticator app is preferable to the use of SMS, because a mobile phone number can be hijacked and moved to another phone.
Office 365 accounts are often targeted in phishing scams and MFA should be enabled to protect accounts against unathorised access. Setting up MFA for an Office 365 account is not difficult but some of the options can be confusing, so we normally provide a guide to staff when rolling out Office 365 MFA in a business. I've attached a guide that covers installing Microsoft Authenticator and adding an Office 365 account. The Microsoft Authenticator app supports push notification when used with Office 365 and is a convenient way to secure Office 365 accounts. Microsoft Authenticator can also be used with other online services (Google, Xero etc), so if you’re moving to Office 365 MFA and are already using another authenticator app, then it’s worth considering consolidating to Microsoft Authenticator.