Multi-factor authentication for your Microsoft 365 Enterprise test environment
For an additional level of security for signing in to Office 365 or any service or application that uses the Azure AD tenant for your organization, you can enable Azure multi-factor authentication, which requires more than just a username and password to verify an account. With multi-factor authentication, users are required to acknowledge a phone call, type a verification code sent in a text message, or specify an app password on their smart phones after correctly entering their passwords. They can sign in only after this second authentication factor has been satisfied.
This article describes how to enable and test text message-based authentication for a specific account.
There are two phases to setting up multi-factor authentication for an account in your Microsoft 365 Enterprise test environment:
Create the Microsoft 365 Enterprise test environment.
Enable and test multi-factor authentication for the User 2 account.
Click here for a visual map to all the articles in the Microsoft 365 Enterprise Test Lab Guide stack.
Phase 1: Build out your Microsoft 365 Enterprise test environment
If you just want to test multi-factor authentication in a lightweight way with the minimum requirements, follow the instructions in Lightweight base configuration.
If you want to test multi-factor authentication in a simulated enterprise, follow the instructions in Pass-through authentication.
Testing multi-factor authentication does not require the simulated enterprise test environment, which includes a simulated intranet connected to the Internet and directory synchronization for a Active Directory Domain Services (AD DS) forest. It is provided here as an option so that you can test multi-factor authentication and experiment with it in an environment that represents a typical organization.
Phase 2: Enable and test multi-factor authentication for the User 2 account
Enable multi-factor authentication for the User 2 account with these steps:
Open a separate, private instance of your browser, go to the Microsoft 365 admin center (https://portal.microsoft.com), and then sign in with your global administrator account.
In the left navigation, click Users > Active users.
In the Active users pane, click More > Multi-factor authentication setup.
In the list, select the User 2 account.
In the User 2 section, under Quick steps, click Enable.
In the About enabling multi-factor auth dialog box, click Enable multi-factor auth.
In the Updates successful dialog box, click Close.
On the Microsoft 365 admin center tab, click the user account icon in the upper right, and then click Sign out.
Close your browser instance.
Complete the configuration for the User 2 account to use a text message for validation and test it with these steps:
Open a new, private instance of your browser.
Go to the Office 365 portal (https://portal.office.com) and sign in with the User 2 account name and password.
After signing in, you are prompted to set up the account for more information. Click Next.
On the Additional security verification page:
Select your country or region.
Type phone number of the smart phone that will receive text messages.
In Method, click Send me a code by text message.
Enter the verification code from the text message received on your smart phone, and then click Verify.
On the Step 3: Keep your existing applications page, record the displayed app password for the User 2 account in a secure location, and then click Done.
If this is the first time you signed in with the User 2 account, you are prompted to change the password. Type the original password and a new password twice, and then click Update password and sign in. Record the new password in a secure location.
You should see the Office portal for User 2 on the Microsoft Office Home tab of your browser.
See the Set up multi-factor authentication step in the Identity phase for information and links to deploy multi-factor authentication in production.
Explore additional identity features and capabilities in your test environment.