As per Microsoft announcement few months ago, here is how to configure multi factor authentication.

This is a per user basis.

I already wrote few posts about this feature (http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=524 and http://blog.hametbenoit.info/Lists/Posts/Post.aspx?ID=526) but there was on a preview version; there has been some changes.

NOTE 1 This does not work with federated users

NOTE 2 Multi factor authentication for administrators doesn’t work with client application such as Outlook or Lync

Enable Multi Factor Authentication

New, to enable multi factor, go to the Office 365 administration portal (https://portal.microsoftonline.com) and reach the Users and Groups section on the left.

The click on the Setup button available on top of the user list

image

Then select one or more user to enable multi factor authentication – you may have to change the default view, set to Global Administrators to view all of your users

image

Once the user account has been selected, click on the Enable button which appears on the right side

image

Confirm the activation

image

Multi factor authentication has been enabled

image

Starting then you can manage user settings for multi factor authentication by hitting the Manage user settings after selecting the user account

image

User Authentication

The first time the user will authenticate after setting up multi factor using web browser, he will be asked to setup his additional security settings

image

He will have to choose how to setup multi factor authentication (Mobile phone, Office Phone [Lync phone can not be used] or Mobile App)

If you choose mobile phone, a text message will be sent to ensure you are the owner of the phone AND to ensure the phone can be reached by the system

Then he will have to choose if he want to enable multi factor for web access only or also for Office application such as Outlook.

image

Hitting the generate app password button will automatically generates a complex password to use when configuring your Outlook client or mobile device to connect to your Office 365 account

image

   

If you choose to use Mobile App to authenticate you, you have to download the Multi-Factor Authentication application for your mobile device (Windows Phone, iOS or Android) from the app store

image

image

image

image

Next Logon

Once multi factor authentication has been enabled for a user and setup by him, Office 365 will automatically start the authentication process using the multi factor settings (text message, password application…)

image

image

If multiple authentication options have been defined, end user can switch the authentication method by hitting Other verification options

Multi Factor Authentication with client applications

If you have enabled multi factor authentication for your client application, end-user will have to enter the password defined by the system if not using the mobile application

If the mobile application is used for authentication, end-user has to start the authentication factor application on his mobile device and then, when prompted, enter the password defined by the mobile application to get authenticated on Outlook or Lync

Update Multi Factor Details

If your user need to update his multi factor authenticatio
n details – such as the phone number, just instruct him to go to his settings from the wheel on the top right side

image

And then to the password section on the left side