Multi-Factor Authentication (MFA) Setup and End-User Experience with Office 365 and PowerShell

About me:

This article is more of a follow up towards an earlier article that I had written for - Enabling/Enforcing Multifactor Authentication for All (Bulk) Users in Office 365.
That article was aimed at IT Professionals who would dive deep into the functionality and are comfortable with PowerShell. This article is aimed at end-users and IT Professionals – to get a glimpse of how would MFA (or multi-factor authentication) experience turn out to be.

Initial Setup (Direct Link to portal:

Notes:  Azure multi-factor authentication is a method of verifying who you are that requires the use of more than just a username and password. Using MFA for Office 365, users are required to acknowledge a phone call, text message, or app notification on their smart phones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied.

A form of multi-factor authentication is included with Office 365, but you can also purchase Azure multi-factor authentication that includes extended functionality. For more information, see feature comparison of Azure multi-factor authentication versions.

(Reference article for IT Pros:

Set up multi-factor authentication in the Office 365 admin center

Important:  All the Office 2016 client applications support multi-factor authentication through the use of the Active Directory Authentication Library (ADAL). This means that app passwords are not required for Office 2016 clients.

  1. Go to the Office 365 admin center.
  2. Navigate to Users > Active users. Your screen should look like one of the following:


  1. In the Office 365 admin center, click More > Setup azure multi-factor auth.


Here is the direct link to the MFA management portal for Office 365:



To reset selected users' MFA information.


When you hit enable


For Reference: About enabling multi-factor authentication

Please read the deployment guide if you haven't already. If your users do not regularly sign in through the browser, you can send them to this link to register for multi-factor auth:

From <\&BrandContextID=O365 >


For Reference: How Azure Multi-Factor Authentication works

From < >

When you hit "Enforce"


When user attempts to login.



For Reference: Manage your settings for two-step verification

From < >


For Reference: How To Set Up Multi-Factor for Your Account

From < >



Option 1 - Authentication Phone


Option 2 - Office Phone


Option 3 - Mobile App


I chose to receive my verification code as a text message on the "Authentication Phone" option.



For Reference: Managing your Azure Multi-Factor Authentication User Settings

From < >




Step 3: Keep using your existing applications

In some apps, like Outlook, Apple Mail, and Microsoft Office, you can't use a phone to secure your account. To use these apps, you'll need to create a new "app password" to use in place of your work or school account password. Learn more


This is my GENERAL login experience.


Login experience through PowerShell




And I am connected


Anshuman Mansingh

Technology Solutions Professional, Microsoft