A simple free way to secure your Office 365 email account

Photo by Maxim Ilyahov on Unsplash

First of all, why do you need to secure your Office 365 email account?

Everyone’s Office 365 email account is protected by a password, this is what you enter into Outlook when you first setup your email and what Outlook uses every few seconds when it checks for email.

Problems arise when someone knows your password, when they have this they can login to your email from the Office 365 website and launch Outlook Web Access (a version of Outlook that runs online).  They can then see everything you can see in your Outlook on your Computer.  Now the person that has hacked your email has no interest in sending emails on your behalf to embarrass you.  The hustle is to sit and watch your emails come in and go out over a period of weeks and sometimes months.  All this time they are building up a profile of your Company who’s the boss?, Who pays invoices? What suppliers do you pay?  When do you pay them?  All of this is usually available from scanning your email for a period of time.

Once the hacker has built up a good profile of your Company they will then make their play, which is usually an email coming from you (dont forget they are sat in your inbox), to the person who pays the invoices, asking them to update the payment details for a certain supplier and make a payment of £xxxx.xx.  What they hope is going to happen is the person receiving the email (supposedly from you) does this and sends a load of money to the hacker – boom job done, you have virtually zero chance of getting that money back as it has gone through several bank accounts and been moved several times in a matter of minutes….the trail goes cold.

The crazy thing is, it takes 15 minutes to secure your email and its Free

This is so easily fixed and its absolutely free to setup.  The way you stop the hacker logging into your email via the Office 365 website is with a tool called MFA or Multi Factor Authentication, this tool asks you for a second form of identification when logging in, usually a code that is sent to your mobile.  In a nut shell, when the hacker (lets say they live in Russia (other hacker states are available)) gets your password and goes to the Office 365 website to login, even with the correct password, they will be asked to enter a 6 digit code after the password.  This 6 digit code is sent to your phone via a text message from Microsoft and the hacker has now been thwarted at the first hurdle.  You are also going to get a text message and think who the hell is trying to login to my email? So it also alerts you (by the way if this happens change your Office 365 password straight away).

How to setup Multi Factor Authentication on Office 365….

Very simple, login to your Office 365 Tenant and select Multi Factor Authentication (See below)


MFA Setup Office 365
From here you can select the user to enable MFA on and also put in their Mobile Phone number to link it to this email account.

Once this has been setup you can then login to your email via the office365.com website which will text you a 6 digit code that you enter to complete the setup.  That really is it.  This will now stop anyone accessing your email via the Office365 website as they cannot ever receive the code.

The only other thing you need to do is configure Outlook (on your laptop or PC) to work without using a text message code (you need to do this as otherwise Outlook will send you a text message every couple of minutes when it goes to check your email).  Microsoft have a fix for this so Outlook (on your PC or Laptop) doesnt use MFA and it is called an “app password”.  The App Password is a special password for either Outlook on your PC/Laptop or for the Outlook Application that is on your mobile.  This setup now blocks the hacker from logging into your email without getting in the way of you accessing your emails.

If your IT provider hasn’t already discussed this with you then maybe you need a new IT provider?


Leap IT is here to take your businesses IT to where it needs to be.  We have been delivering IT Managed services throughout Birmingham, The West Midlands and across the UK for over 20 years and on behalf of more than 300 businesses.  We work closely with you to really understand what your business needs so that we can make sure you always receive the best advice and achieve the best value. 

With a breadth of solutions spanning IT Support, Communications, Cloud Computing and Print we see that you IT is completely covered from end to end. 

This site uses cookies to offer you a better browsing experience. By browsing this website, you agree to our use of cookies.