version 26.6.3 · Self-Help · Printing~3 min read

Set up two-factor authentication across a small team

Rolling MFA out to a handful of staff is straightforward, but it pays to plan the order so nobody gets locked out on a busy morning. This is the approach we use for clients.

  1. List the accounts in scope first — Microsoft 365 is usually the priority, then any shared business systems.
  2. Brief the team a day ahead: tell them to install Microsoft Authenticator before the rollout, not during.
  3. Enable MFA centrally through your Microsoft admin centre or your IT provider, rather than account by account.
  4. Stagger enrolment across the day so support questions do not all land at once.
  5. Have everyone save backup codes and add a backup phone number during setup.
  6. Confirm each person has completed enrolment, and keep a break-glass admin account documented in case of lockout.
  7. Loop in whedo.it to enforce policy correctly and apply conditional access if you want location-based rules.

Still stuck after those?

You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.

+61 421 346 887
5.0
★★★★★ on Google · loading…
Read all on Google →