Microsoft are pushing hard to have every client using Multi Factor Authentication.
There are two stages to the process. Firstly to get an authentication app like the Microsoft Edge Auth app.
The second is to set up 365 with MFA so that when you log into any of the web apps, and periodically when using a mobile device or Outlook on a PC you will need to enter the PIN number. Here is a 90 second video showing how to do the second stage