Multi-factor authentication for Office 365 has been available to administrative roles since June 2013, however, as from now this security feature will be available to any Office 365 user, according to Paul Andrew the technical product manager of Office 365. This includes Office 365 Midsize Business, Enterprise plans, Academic plans, Non-profit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online.
With Multi-Factor Authentication for Office 365, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.
Read more here – http://blogs.office.com/2014/02/10/multi-factor-authentication-for-office-365/