Skip to main content

How to set up two-factor authentication (2FA) on a Microsoft account

Microsoft account two-step verification
Microsoft account two-step verification (Image credit: Windows Central)

Microsoft accounts come with support for two-step verification (also known as "two-factor authentication," "2FA," or "multi-factor authentication") to add a second type of verification to increase security, making it harder for malicious individuals to try to gain access to your information.

In other words, if your password were compromised, it'd be virtually impossible to use it to sign into the account since they'd also need to provide a second form of authentication that only you can provide.

If you want to set up two-step verification, you will need to use the Microsoft Authentication app. Once the feature has been enabled, you will be prompted to authenticate with your phone to verify you are you.

In this Windows 11 guide, we will walk you through the steps to configure two-step verification on your Microsoft account to prevent unauthorized access to Outlook, OneDrive, Microsoft 365, Xbox Network, and other Microsoft services.

How to enable two-step verification on Microsoft account

The process to configure the two-step authentication security feature requires you to install the Microsoft Authenticator app on your phone and then enable the option in the Microsoft account.

Set up Microsoft Authenticator app

The first step to add an extra security layer to your account is to set up the Microsoft Authenticator app on your Android or iOS device. These steps include the details to set up the app on an Android device, but it should be similar for iOS devices. (If you already have the app on your phone, you can skip the steps below and continue with the feature setup instructions.)

To configure the Microsoft Authenticator app on Android, use these steps:

  1. Open Google Play Store.
  2. Search for the Microsoft Authenticator app (opens in new tab).
  3. Tap the Install button.
  4. Open the app.
  5. Tap the I agree button to continue.
  6. Tap the Sign in with Microsoft button.
  7. Confirm your Microsoft account address.
  8. Click the Next button.
  9. Confirm your account password.
  10. Click the Sign in button.
  11. Select the verification method — for example, secondary email address.
  12. Complete the verification.
  13. Tap the Got it button.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Tap the OK button (if applicable).

Once you complete the steps, a notification will appear on your phone to approve and continue the sign-in automatically when signing into your account.

Set up two-step authentication

The next step is to set up two-step authentication on your Microsoft account. However, before proceeding, it is essential to have multiple contact information to prevent getting locked out of the account. If you need to update your security information use the steps below to continue setting up the feature.

To enable a more secure verification feature, use these steps:

  1. Open the Microsoft account on the web (opens in new tab).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the Advanced security options tile.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Under the "Additional security" section, click the Turn on option for two-step verification.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click the Next button.

Source: Windows Central (Image credit: Source: Windows Central)
  1. (Optional) If you use the Outlook app on your phone, select the platform, and follow the directions to enable the app to sync your emails with an app password.
  2. Click the Next button again.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click the Finish button.

Source: Windows Central (Image credit: Source: Windows Central)

After you complete the steps, when logging in from an unrecognized device, you will receive an alert on your phone to confirm you are the one trying to access the account.

How to add security info for two-step verification

When you enable two-step verification on a Microsoft account, the second form of authentication request will appear every time you sign in. Also, if you forget the password, you will need to have two contact methods to regain access. As a result, before enabling the feature, you have to ensure the account has at least three secondary contacts, which can be a mix of emails or phone numbers.

To add security information to a Microsoft account, use these steps:

  1. Open the Microsoft account on the web (opens in new tab).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the Advanced security options tile.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Under the "Ways to prove who you are" section, click the Add a new way to sign in or verify option.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Select the verification option — for example, Email a code, but you can choose an app, sms message, Windows Hello, or security key.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Confirm the alternative email address.
  2. Click the Next button.
  3. Check the code in the alternative email account.
  4. Confirm the code on the Microsoft account page.
  5. Click the Next button.

Once you complete the steps, as you access the account, you can complete the security code using one of the contact methods on the account.

How to create an app password for two-step verification

The two-step authentication method is not supported by all platforms and apps, which means that in some cases, you may need to create an app password to access a Microsoft product like Outlook.

To create an app password on a Microsoft account, use these steps:

  1. Open the Microsoft account on the web (opens in new tab).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the Advanced security options tile.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Under the "App passwords" section, click the Create a new app password option.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Use the generated password on the app or device that doesn't support a security code.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click the Done button.

After you complete the steps, the app will be able to access the Microsoft account while two-step verification is enabled.

Delete app passwords

To delete an app password on a Microsoft account, use these steps:

  1. Open the Microsoft account on the web (opens in new tab).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the Advanced security options tile.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Under the "App passwords" section, click the Remove existing app passwords option.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click the Remove button.
  2. Click the OK button.

Once you complete the steps, the existing app passwords will be deleted from the account, revoking app access on any device on which you had the account configured.

How to disable two-step verification on Microsoft account

Although it's not recommended, you can disable 2FA to use the traditional authentication process.

To disable two-step verification, use these steps:

  1. Open the Microsoft account on the web (opens in new tab).
  2. Sign in with your credentials (as needed).
  3. Click the Security tab.
  4. Click the Advanced security options tile.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Under the "Additional security" section, click the Turn off option.

Source: Windows Central (Image credit: Source: Windows Central)
  1. Click the Yes button.

After you complete the steps, you will continue to receive security access codes and when the system detects a security risk.

If you are disabling the security feature, you will also have to update the services you have previously configured with an app password to use the traditional authentication method (password).

More Windows resources

For more helpful articles, coverage, and answers to common questions about Windows 10 and Windows 11, visit the following resources:

Mauro Huculak is technical writer for WindowsCentral.com. His primary focus is to write comprehensive how-tos to help users get the most out of Windows 10 and its many related technologies. He has an IT background with professional certifications from Microsoft, Cisco, and CompTIA, and he's a recognized member of the Microsoft MVP community.

3 Comments
  • Better still, don't have an MS account.
  • What's wrong with a MS account?
  • I am also interested what is wrong with Microsoft account. Works fine for me so no clue what you on about...