Multi-Factor Authentication (MFA) helps safeguard access to data.  Simply put - once enabled you'll need your password and a second verification meaning even if someone knows your password they won't be able to access your account.  

This link will walk you through enabling MFA on your account:

I recommend enabling both the Microsoft Authenticator app option and phone/text

Methods available for MFA/two-step verification

  • Phone call - A call is placed to a user’s registered phone. The user enters a PIN if necessary then presses the # key.
  • Text message - A text message is sent to a user’s mobile phone with a six-digit code. The user enters this code on the sign-in page.
  • Mobile app notification - A verification request is sent to a user’s smartphone. The user enters a PIN if necessary then selects Verify on the mobile app.
  • Mobile app verification code - The mobile app, which is running on a user’s smartphone, displays a verification code that changes every 30 seconds. The user finds the most recent code and enters it on the sign-in page.
  • Third-party OATH tokens - Azure Multi-Factor Authentication Server can be configured to accept third-party verification methods.