Multi-factor authentication is now part of Office 365 and available for all users. Any of the following may be used for the second factor of authentication.

1. Call my mobile phone. The user receives a phone call that asks them to press the pound key. Once the pound key is pressed, the user is logged in.
2. Text code to my mobile phone. The user receives a text message containing a six-digit code that they must enter into the portal.
3. Call my office phone. This is the same as Call my mobile phone, but it enables the user to select a different phone if they do not have their mobile phone with them.
4. Notify me through app. The user configured a smartphone app and they receive a notification in the app that they must confirm the login. Smartphone apps are available for Windows Phone, iPhone, and Android devices.
5. Show one-time code in app. The same smartphone app is used. Instead of receiving a notification, the user starts the app and enters the six-digit code from the app into the portal.

For more information about Multi-Factor Authentication for Office 365 please read the TechNet article Multi-Factor Authentication for Office 365