Set up two-factor authentication across a small team
Rolling MFA out to a handful of staff is straightforward, but it pays to plan the order so nobody gets locked out on a busy morning. This is the approach we use for clients.
- List the accounts in scope first — Microsoft 365 is usually the priority, then any shared business systems.
- Brief the team a day ahead: tell them to install Microsoft Authenticator before the rollout, not during.
- Enable MFA centrally through your Microsoft admin centre or your IT provider, rather than account by account.
- Stagger enrolment across the day so support questions do not all land at once.
- Have everyone save backup codes and add a backup phone number during setup.
- Confirm each person has completed enrolment, and keep a break-glass admin account documented in case of lockout.
- Loop in whedo.it to enforce policy correctly and apply conditional access if you want location-based rules.
Still stuck after those?
You’ve done the right thing by trying. Send whedo.it a quick note — what you tried, what you saw — and a senior pair of eyes will be on it the same business day.