Microsoft MFA & Account Management Guide

Learn how to configure Microsoft Multi-Factor Authentication (MFA), reset passwords securely using Self-Service Password Reset (SSPR), and manage MFA details as an administrator in Microsoft 365 or Azure Entra ID.

🔹 Part 1 — Set Up Multi-Factor Authentication (MFA)

MFA helps protect your Microsoft 365 account by requiring an additional verification method, such as a phone or Authenticator app, when you sign in.

Go to aka.ms/mfasetup and sign in with your work or school account.
Click Next to start setup.
Choose your preferred authentication method:
- Microsoft Authenticator app — recommended for faster, secure approvals.
- Text message (SMS) — receive a 6-digit verification code.
- Phone call — approve sign-in through voice confirmation.
For Authenticator setup:
1. Download the Microsoft Authenticator app from the App Store or Google Play.
2. In the app, tap Add account → Work or school account.
3. Scan the QR code shown on your computer screen.
4. Approve the test notification when prompted.
Click Finish once setup completes.

Tip: You can manage or add new verification methods anytime at mysignins.microsoft.com/security-info.

🔹 Part 2 — Self-Service Password Reset (SSPR)

If you forget your password or get locked out, you can reset it using Microsoft’s self-service portal or the Windows login screen.

Option A — Online Portal

Visit passwordreset.microsoftonline.com.
Enter your organization email address and follow the on-screen prompts to verify your identity.
When resetting your password, ensure it meets your organization’s policy:
- Minimum 8 characters
- At least one uppercase, lowercase, number, and symbol
Once complete, sign in with your new password at portal.office.com.

Option B — From the Windows Login Screen

At the login screen, click Reset password (if your organization has enabled it).
Verify your identity using your registered MFA method.
Set a new password and sign in again.

Option C — Change Password While Logged In

Press Ctrl + Alt + Delete.
Select Change a password.
Enter your current password and then your new password twice.

Warning: If your MFA verification fails or your account is locked, contact IT support to confirm your recovery methods at mysignins.microsoft.com/security-info.

🔹 Part 3 — IT Administrator: Update a User’s MFA Phone Number

Admins can reset or update a user’s MFA phone number via the Microsoft 365 Admin Center or the Azure Entra ID portal.

Method 1 — Microsoft 365 Admin Center

Sign in at admin.microsoft.com.
Navigate to Users → Active users.
Select the affected user account.
Click Manage multifactor authentication under Authentication methods.
Select Manage user settings.
Enable Require selected users to provide contact methods again and click Save.
The user will be prompted to re-register MFA methods upon next sign-in.

Method 2 — Azure Entra ID (Azure AD)

Go to entra.microsoft.com.
Under Users → All users, select the target account.
Navigate to Authentication methods → Edit.
Remove or update the phone number, or reset MFA registration entirely.
Click Save. The user will confirm their new MFA method during next sign-in.

Advanced Option: You can also automate MFA management via PowerShell using Set-MsolUser or Set-AzureADUser for large-scale administration.

✅ Summary

Users: Register MFA at aka.ms/mfasetup and manage methods at mysignins.microsoft.com.
Self-Service Reset: Use passwordreset.microsoftonline.com or Ctrl + Alt + Delete → Reset password.
Admins: Manage MFA info via Microsoft 365 Admin Center or Azure Entra Portal.

Good Practice: Always verify MFA and password reset settings quarterly to ensure users’ methods remain accurate and secure.

Back to Account Guides