What we mentioned in the Enabling two-factor authentication recipe applies also to the mobile apps, but we have to add another mechanism called app password to make it work on these kinds of clients. It is an additional feature required for all the non-browser apps.
The user is enabled to generate many app passwords (for example, one for every device) and delete them as required. It is required to access the Office 365 portal with the user, select Office 365 settings, go to the Additional Security Verification screen, and select the Update my phone numbers used for account security, as shown in the following screenshot:
The app password screen contains the required tools to manage this additional security layer.