Email MFA Setup

This guide describes how to enable and register MFA for email clients on supported Windows, macOS, and iPhone platforms.

Purpose

Microsoft refers to MFA and supported secure authentication as Modern Authentication. This guide covers supported Outlook channels and versions, sign-in flow with SITE Authenticator, and required client configuration before enabling MFA.

Warning

Enabling MFA without completing the required client configuration can interrupt services.

Operating System and Client Requirements

Supported Operating Systems

| Platform | Supported version |
| --- | --- |
| Windows | Windows 11 and above. |
| macOS | macOS 15 Sequoia and above. |
| iPhone | iOS 17.6.1 and above. |

Unsupported Operating Systems

  • Windows 10 and older.
  • macOS 14 Sonoma and older.
  • iPad, all versions.
  • Android, all versions.

Supported Email Clients

| Platform | Client |
| --- | --- |
| Windows 11 and above | Outlook in Microsoft 365 Apps Insider Channel version 2304 build 16327.202 or above. |
| Windows 11 and above | Current Channel version 2304 build 16327.20214 or above. |
| Windows 11 and above | Monthly Enterprise Channel version 2304 build 16327.20324 or above. |
| Windows 11 and above | Semi-Annual Enterprise Channel version 2402 build 17328.20184 or above. |
| Windows 11 and above | Semi-Annual Enterprise Channel version 2402 build 17328.20452 or above. |
| Windows 11 and above | Outlook 2021 Retail version 2304 build 16327.20214 or above. |
| Windows 11 and above | Outlook 2024 Retail version 2410 build 18129.20158 or above. |
| Windows 11 and above | Outlook 2024 Volume version 2408 build 17932.20162 or above. |
| macOS 15 Sequoia and above | Apple Mail native client. |
| iPhone iOS 17.6.1 and above | iPhone Mail native client. |

Configure MFA by Platform

Prepare Windows

If you have administrative privileges, download and run the attached set-MFAclientPre.ps1 preparation script.

If you cannot run the attachment or the laptop is part of an Active Directory domain, share the configuration requirements with the system administrator.

Configure Trusted Domains with PowerShell

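# Run in an elevated PowerShell session: these keys are written under HKLM.
New-Item -Path "HKLM:\SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains" -Force
# The subkey names contain "/", which the PowerShell registry provider treats as a
# path separator, so the subkeys are created through the .NET registry API instead.
(Get-Item HKLM:).OpenSubKey("SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains", $true).CreateSubKey("https://id.cloud.site.sa/")
(Get-Item HKLM:).OpenSubKey("SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains", $true).CreateSubKey("https://id.cloud.site.sa")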

Registry paths:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains\https://id.cloud.site.sa/
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains\https://id.cloud.site.sa

Enable Modern Authentication

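# HKCU is per-user: run this as the user who will sign in to Outlook,
# not under a separate administrator account.
Set-ItemProperty -Path "HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity" -Name "EnableExchangeOnPremModernAuth" -Value 1 -Type DWord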
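
A read-only pre-flight check for the Windows settings above, to run before MFA is enabled on an account. It is an added example, not part of the original guide or of set-MFAclientPre.ps1; the function name Test-MfaClientPrereqs, its output shape, and the use of build 22000 as the Windows 11 threshold are assumptions of this example.

```powershell
# Added example: read-only check of the client settings this guide requires.
# Test-MfaClientPrereqs is a hypothetical name, not the guide's own script.
function Test-MfaClientPrereqs {
    param(
        [string[]]$TrustedDomains = @('https://id.cloud.site.sa/', 'https://id.cloud.site.sa')
    )
    $results = [System.Collections.Generic.List[object]]::new()

    # Assumption: Windows 11 reports OS build 22000 or higher.
    $build = [Environment]::OSVersion.Version.Build
    $results.Add([pscustomobject]@{
        Check = 'Windows 11 or above'; Pass = ($build -ge 22000); Detail = "build $build" })

    # The key names contain '/', so enumerate them through the .NET registry
    # API rather than a provider path, which would split them on the slash.
    $base = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey(
        'SOFTWARE\Policies\Microsoft\AAD\AuthTrustedDomains')
    $keyFound = $null -ne $base
    $present = @()
    if ($keyFound) { $present = $base.GetSubKeyNames(); $base.Close() }
    $detail = if ($keyFound) { 'AuthTrustedDomains key found' } else { 'AuthTrustedDomains key missing' }
    foreach ($domain in $TrustedDomains) {
        $results.Add([pscustomobject]@{
            Check = "Trusted domain $domain"; Pass = ($present -contains $domain); Detail = $detail })
    }

    # Per-user value: this reads the hive of the account running the check.
    $identity = 'HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity'
    $name = 'EnableExchangeOnPremModernAuth'
    $value = (Get-ItemProperty -Path $identity -Name $name -ErrorAction SilentlyContinue).$name
    $results.Add([pscustomobject]@{
        Check = "$name = 1"; Pass = ($value -eq 1); Detail = "value: $value" })

    $results
}

# Any row with Pass = False means the client is not ready for MFA.
Test-MfaClientPrereqs | Format-Table -AutoSize
```

Run it as the user who will sign in to Outlook; it needs no elevation because it only reads the registry.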

Configure Outlook

  1. Open Outlook.
  2. Enter the profile name.
  3. Click OK.
  4. Enter the email address.
  5. Click Connect.
  6. Choose Exchange.
  7. Complete Modern Authentication registration.
  8. Click Registration.
  9. Click Continue.
  10. Scan the QR code with SITE Authenticator.
  11. Enter the generated code.
  12. Click Finish.
  13. Click Done.

Configure Apple Mail on macOS

  1. Open Launchpad.
  2. Open Mail.
  3. Select Microsoft Exchange.
  4. Enter the name and email address.
  5. Click Sign in.
  6. Click Sign In.
  7. Enter the code.
  8. Click Sign In.
  9. Click Done.

Configure Mail on iPhone

  1. Open Settings.
  2. Open Mail.
  3. Open Account.
  4. Click Add account.
  5. Select Microsoft Exchange.
  6. Enter the email address and profile description.
  7. Click Next.
  8. Click Sign In.
  9. Enter the user email address and password.
  10. Click Sign In.
  11. Click Registration.
  12. Click Continue.
  13. Scan the QR code with SITE Authenticator.
  14. Enter the code.
  15. Click Finish.
  16. Click Save.