Set up Multifactor Authentication
Articles on: Microsoft 365 Tenant
Based on your understanding of multifactor authentication (MFA) and its support in Microsoft 365, it's time to set it up and roll it out to your organization.
Option 1:Setting up multifactor authentication in Office 365 is simple. Here are the steps.
• Go to the Microsoft user management page.
• Sign in with your Global Admin username and password.
• Choose the accounts for which you want MFA.
• Look for the “enable” link on the right-hand bottom. Click on this link and you’ll see a dialog box.
• In the next screen, you’ll see the MFA status enabled for your chosen accounts.
• At this state, it’s a good idea to send an email to the respective users to inform them of this change and to ask them to provide
their contact details when they log in the next time.
• Next, choose the account again and click on “enforce” link on the right-hand side.
• You’ll see a dialog box for confirmation
That’s it! You’ve set up MFA for your users. Next time, when these users attempt to login, they’ll get a message asking them to set up additional security verification.
Create a Conditional Access policy
The following steps will help create a Conditional Access policy to require All users to perform multifactor authentication.
Sign into the Azure portal as a global administrator, security administrator, or Conditional
Access administrator.
Browse to Azure Active Directory > Security > Conditional Access.
Select New policy.
Give your policy a name. We recommend that organizations create a meaningful standard
for the names of their policies.
Under Assignments, select Users and groups
a. Under Include, select All users
b. Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.
c. Select Done.
Under Cloud apps or actions > Include, select All cloud apps.
a. Under Exclude, select any applications that do not require multi-factor authentication.
Under Conditions > Client apps (Preview), under Select the client apps this policy will apply to leave all defaults selected and select Done.
Under Access controls > Grant, select Grant access, require multi-factor authentication, and
select Select.
Confirm your settings and set Enable policy to On.
Select Create to create to enable your policy.
Updated on: 31/01/2023
Set up Multifactor Authentication
Based on your understanding of multifactor authentication (MFA) and its support in Microsoft 365, it's time to set it up and roll it out to your organization.
Option 1:Setting up multifactor authentication in Office 365 is simple. Here are the steps.
• Go to the Microsoft user management page.
• Sign in with your Global Admin username and password.
• Choose the accounts for which you want MFA.
• Look for the “enable” link on the right-hand bottom. Click on this link and you’ll see a dialog box.
• In the next screen, you’ll see the MFA status enabled for your chosen accounts.
• At this state, it’s a good idea to send an email to the respective users to inform them of this change and to ask them to provide
their contact details when they log in the next time.
• Next, choose the account again and click on “enforce” link on the right-hand side.
• You’ll see a dialog box for confirmation
That’s it! You’ve set up MFA for your users. Next time, when these users attempt to login, they’ll get a message asking them to set up additional security verification.
Option 2:
Create a Conditional Access policy
The following steps will help create a Conditional Access policy to require All users to perform multifactor authentication.
Sign into the Azure portal as a global administrator, security administrator, or Conditional
Access administrator.
Browse to Azure Active Directory > Security > Conditional Access.
Select New policy.
Give your policy a name. We recommend that organizations create a meaningful standard
for the names of their policies.
Under Assignments, select Users and groups
a. Under Include, select All users
b. Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.
c. Select Done.
Under Cloud apps or actions > Include, select All cloud apps.
a. Under Exclude, select any applications that do not require multi-factor authentication.
Under Conditions > Client apps (Preview), under Select the client apps this policy will apply to leave all defaults selected and select Done.
Under Access controls > Grant, select Grant access, require multi-factor authentication, and
select Select.
Confirm your settings and set Enable policy to On.
Select Create to create to enable your policy.
Updated on: 31/01/2023
Updated on: 01/07/2024
Thank you!