Multi-Factor Authentication (MFA)
MFA represents a multi-layered method for safeguarding your online accounts and the data they store. When you enable MFA in your online services (such as email), you are required to provide a combination of two or more authenticators to confirm your identity before the service allows you access. Utilizing MFA secures your account more effectively than relying solely on a username and password.
Users who activate MFA are much less likely to fall victim to hacking. Why is this? Because even if a malicious cyber attacker gains access to one factor (like your password), they will be unable to fulfill the second authentication requirement, which ultimately prevents them from accessing your accounts.
How to Set Up Multi-Factor Authentication (MFA) in Office 365 (Microsoft 365 Admin Center)
Enforcing MFA (Multi-Factor Authentication) for users in Office 365 enhances security by requiring a second verification step (e.g., phone call, SMS, or authenticator app) during sign-in. Here's how to configure it from the Microsoft 365 Admin Center:
Method 1: Enable MFA for Individual Users (Per-User MFA)
- Sign in to the Microsoft 365 Admin Center as a Global Admin.
- Go to Users > Active Users.
- Select the user(s) you want to enable MFA for.
- Click Manage multifactor authentication (top toolbar). (Alternatively, go to Users > Active Users > click the user > Security > Multi-Factor Authentication.)
- In the multi-factor authentication panel:
  - Select the user(s) and click Enable.
  - Confirm with Enable multi-factor auth.
- The user will be prompted to set up MFA at their next login.
Method 2: Enforce MFA for All Users (Security Defaults)
Microsoft recommends using Security Defaults for basic MFA enforcement (applies to all users):
- Go to Microsoft 365 Admin Center.
- Navigate to Azure Active Directory (under Admin centers).
- Go to Properties > Manage Security defaults.
- Toggle Enable Security defaults to Yes.
- Click Save.
- This enforces MFA for all users (with some exclusions for legacy auth).
⚠️ Note: Security Defaults also blocks legacy authentication (like IMAP, POP3, SMTP).
Method 3: Conditional Access Policies (Advanced MFA Control)
For granular control (e.g., MFA only for specific apps/locations):
- Go to Microsoft 365 Admin Center > Azure AD (under Admin centers).
- Navigate to Security > Conditional Access.
- Click New Policy.
- Configure:
  - Users and Groups (who this applies to).
  - Cloud Apps (e.g., Office 365, Exchange Online).
  - Conditions (e.g., risky sign-ins, locations).
  - Access Controls > Grant > Require MFA.
- Enable the policy and click Create.
What Happens Next?
- Users will be prompted to register for MFA at their next login.
- They can set up:
  - Microsoft Authenticator App (recommended).
  - Phone call or SMS (less secure).
  - Hardware security key (YubiKey, etc.).
- Admins can monitor MFA status in the MFA dashboard.
Best Practices
✅ Use Conditional Access for fine-tuned MFA policies (e.g., exclude trusted IPs).
✅ Encourage the Authenticator App (more secure than SMS).
✅ Disable Legacy Authentication (IMAP, POP3) for better security.
✅ Audit MFA Status under Reports > Usage & Insights.
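The same two tasks, the Method 3 "Require MFA" Conditional Access policy and the MFA-status audit from the best practices above, done from the Microsoft Graph PowerShell SDK instead of the admin portal. This is an added example, not code from the original article or from Microsoft; it assumes the Microsoft.Graph module is installed, an account with the listed Graph scopes, and the break-glass group object ID is a placeholder you replace.

```powershell
# Added example (not part of the original article). Assumes: Install-Module Microsoft.Graph
# has been run, and the signed-in admin can consent to the scopes below.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess", `
                        "UserAuthenticationMethod.Read.All", "User.Read.All"

# --- Part 1: Conditional Access policy equivalent to Method 3 ---------------------
# Created in report-only mode first: sign-in logs then show who WOULD be blocked,
# so the policy can be switched to "enabled" once the impact is understood.
# <BREAK-GLASS-GROUP-OBJECT-ID> is a placeholder for the emergency-access group you
# keep out of the policy so a misconfiguration cannot lock every admin out.
$policy = @{
    displayName   = "Require MFA for all users on all cloud apps (report-only)"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users        = @{ includeUsers  = @("All")
                          excludeGroups = @("<BREAK-GLASS-GROUP-OBJECT-ID>") }
        applications = @{ includeApplications = @("All") }
    }
    grantControls = @{ operator = "OR"; builtInControls = @("mfa") }
}
$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
Write-Host "Created policy $($created.Id) in state $($created.State)"

# --- Part 2: audit which users lack a phishing-resistant or app-based method -------
# Password, SMS and voice-call methods are not counted as "strong" here, matching the
# article's advice to prefer the Authenticator app or a hardware key over SMS.
$strongTypes = @(
    "#microsoft.graph.microsoftAuthenticatorAuthenticationMethod",
    "#microsoft.graph.fido2AuthenticationMethod",
    "#microsoft.graph.softwareOathAuthenticationMethod"
)
$report = Get-MgUser -All -Property Id, UserPrincipalName | ForEach-Object {
    $methods = Get-MgUserAuthenticationMethod -UserId $_.Id
    # Each method object carries its concrete type in AdditionalProperties['@odata.type']
    $types   = @($methods | ForEach-Object { $_.AdditionalProperties['@odata.type'] })
    [pscustomobject]@{
        User       = $_.UserPrincipalName
        StrongMFA  = [bool]($types | Where-Object { $strongTypes -contains $_ })
        SmsOrVoice = [bool]($types | Where-Object { $_ -like "*phoneAuthenticationMethod" })
        Methods    = ($types -replace "#microsoft.graph.", "") -join ","
    }
}
# Users with no strong method are the ones to chase before the policy is enforced.
$report | Where-Object { -not $_.StrongMFA } | Sort-Object User | Format-Table -AutoSize
```

Run Part 2 again after switching the policy state to "enabled" to confirm the gap list is empty; users who still rely only on SMS show up with SmsOrVoice set to True.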
By enforcing MFA, you significantly reduce the risk of phishing and unauthorized access to Office 365 accounts. 🚀