Home » Spin.AI Blog » Cybersecurity » Microsoft 365 » How to Enable Multi Factor Authentication Office 365
October 7, 2022 | Updated on: April 11, 2024 | Reading time 11 minutes

How to Enable Multi Factor Authentication Office 365

Author:
Avatar photo

Product Manager

Multifactor authentication can protect your MSO 365 environment from unauthorized access and possible data loss or leak. Learn how to enable multi factor authentication Office 365 for your users.

What is Office 365 multi-factor authentication?

Multifactor authentication is a login process that requires more than one identity confirmation. It is the cyber security measure that provides an additional layer of protection to the SaaS apps’ login process. 

Multifactor authentication is carried out in several steps, usually two but sometimes three. At each step, the application offers a different method of identity verification.

Types of multi-factor authentication

There are several types of authentication:

  1. Based on a user’s knowledge.

The simplest example of this type of authentication mechanism is credentials. In many cases, only a user knows their login and password. Unfortunately, there are plenty of methods to steal the credentials of an individual. That’s why this method is not enough to protect the SaaS environment from breaches. Therefore you need multifactor authentication.

A Bank card’s PIN and SIM card’s PUK numbers are other examples of knowledge authentication.

  1. Based on a user’s possession.

Users can possess material and non-material security token that grants them access to the SaaS application. A key from a door is the simplest example.

Modern authentication uses the following types of security tokens:

  • Hardware (usually, flash drives)
  • Software (e.g., a file)
  • One-time connection (e.g., a phone call, or an SMS).
  1. Based on a user’s inherence.

These are mechanisms that are based on things inherent to a user. Usually, it’s biometric data such as fingerprints, iris, or facial traits. This type of authentication requires a special technology that can collect and identify the required data (e.g. iris scanner). 

  1. Based on a user’s position

Some companies might ban the login of users who are located outside specific geographic regions.

  1. Based on the time

Some apps give a limited time window for login. Another example is the hours of the day when you can log in to an app.

As a rule of thumb, the multifactor authentication method applies two of the above types in the login process to grant access to a user. 

Why does your business need to enable multi-factor authentication?

Let’s discuss the value of multifactor authentication for your business.

  1. Prevention of unauthorized logins and resulting cyber risks such as data loss or leak.
  2. Compliance with the existing rules and regulations.
  3. The psychological effect on your employees who will perceive cybersecurity as a business value.
  4. Prevent financial losses due to data breaches and non-compliance fees and penalties.

How to enable multi factor authentication Office 365: step-by-step

Microsoft Office 365 has legacy per-user authentication as well as more recent Security Defaults. Microsoft information center suggests turning off the former and turning on the latter. 

There’s one thing however that MSO 365 admins must remember at all times. Security Defaults impose multifactor authentication upon every login only on administrators. As concerns users, Azure AD ‘decides’ when to impose it on them based on multiple factors (see screenshot below):

Multi Factor Authentication Office 365

In this section, we’ll explain both methods and it’s up to you to decide which method works best for you.

Enable per-user multi-factor authentication in Office 365

Step 1. Go to Microsoft Office 365 Admin Center, open Navigation Menu, and in Settings choose Org Settings.

Step 2. You’ll be forwarded to the Org Settings page. Scroll down to Multifactor Authentication and click on it. Note that the list is in alphabetical order.

How to Enable Multi Factor Authentication Office 365

Step 3. A sliding panel will appear on the left part of the screen. Click on the Configure Multifactor Authentication.

How to Enable Multi Factor Authentication Office 365

Step 4. You will be forwarded to the Users page. Choose all users by clicking on the box above the user list. Then click on Enable in the left column next to the users’ list.

How to Enable Multi Factor Authentication Office 365

Step 5. Confirm by clicking on Enable multi-factor auth button. 

How to Enable Multi Factor Authentication Office 365

Enable Security Defaults

If you want to enable Security Defaults, you need to first disable per-user multifactor authentication. To do it, take steps 1-5, but instead of Enable, click disable. Now, you can proceed with configuring your Azure AD.

Step 1. In Microsoft Office 365 Admin Center, open Navigation Menu. Then click on Azure Active Directory.

How to Enable Multi Factor Authentication Office 365

Step 2. You will be redirected to Azure AD Admin Center. In the left panel click on Azure Active Directory. A new navigation panel will appear. You need Properties.

Step 3. At the bottom of the Properties page, press Manage Security Defaults. 

How to Enable Multi Factor Authentication Office 365

Step 4. A sliding panel will appear on the right side of the screen. Click on Yes under Enable security defaults. Then click Save in the bottom right corner.

How to Enable Multi Factor Authentication Office 365

Take these steps to disable Security Defaults. 

How to protect your Office 365 environment from other cyber incidents?

Unauthorized access is not the only cyber security incident that threatens your data integrity. Protecting your organization from human error or man-in-the-middle attacks is equally important as these are other widespread reasons for irreversible data loss.

Your business needs other tools to protect your Microsoft Office 365 data:

Backup

Microsoft Office 365 doesn’t back up your data, so if you want to protect it from possible loss or corruption, we suggest acquiring a backup solution.

Ransomware protection

Not all Admins know that MSO 365 has no inbuilt ransomware protection. Unfortunately, the ransomware threat to businesses of all sizes is real. Acquire a ransomware protection tool to prevent attacks.

Application Assessment

Applications pose a great threat to MSO 365 environment due to the permissions they acquire from users. Your business needs to detect applications and assess their risks to revoke access to the risky ones.

Access Monitoring

Multifactor authentication protects you from unauthorized logins. However, it doesn’t protect your data from unauthorized sharing. You need a tool that will enable you to see and change the sharing settings of your OneDrive files and folders.

We suggest using SpinOne. It is among the top Office 365 backup solutions on the market, with data protection functionality like ransomware protection, application risks assessment, and access monitoring.

Frequently Asked Questions

How to check if MFA is enabled in Office 365 for all users?

To check if MFA is enabled in Microsoft 365 for all users, sign in to the Microsoft admin center, then click Users > Active users in the left navigation panel, after that click multi-factor authentication at the top of the page. This will display a list of all users in your organization, along with their MFA status (Enabled or Disabled).

How do I enable MFA for guest users in Office 365?

To enable MFA for guest users in Microsoft 365, you need to create a Conditional Access policy. For this, sign in to the Microsoft admin center as an admin. Browse to Protection > Conditional Access, select Create new policy (name your policy), and under Assignments, select Users or workload identities.

  1. Under Include, select All guest and external users
  2. Under Exclude, select Users and groups and choose your organization’s emergency access or break-glass accounts.

Under Target resources > Cloud apps > Include, select All cloud apps.

  1. Under Exclude, select any applications that don’t require multifactor authentication.

Select Grant access, Require multifactor authentication, and select Select.

How to enable multi-factor authentication in Microsoft 365 using PowerShell?

To enable multi-factor authentication (MFA) in Microsoft 365 using PowerShell, you need first open a Windows PowerShell console as an administrator, then connect to Azure Active Directory PowerShell, get a list of all users in your organization and enable MFA for each user. This will enable MFA for all users in your organization but you can also enable MFA for specific users or groups of users with the PowerShell.

Is MFA automatically enabled for all Microsoft 365 users?

MFA is not typically automatically enabled for all users by default. It is usually an optional security feature that users can choose to enable for themselves or that administrators can enforce across an organization’s user accounts.

Was this helpful?

Thanks for your feedback!
Avatar photo

Product Manager

About Author

Will Tran is the Product Manager at Spin.AI, where he guides the product's strategic direction, oversees feature development and ensures that the solution solves his clients’ cybersecurity needs.

Will is a security professional who started his career at Lockheed Martin where he worked on National Security Space programs in business development and product management.

Will holds a BA in Economics and Mathematics from UCSB and an MBA with a specialization in Technology Management and Marketing from UCLA Anderson School of Management.

At Lockheed Martin, Will developed the multi-year strategy campaign and supported the product development of a national security satellite program for the United States Air Force, which resulted in a multi-billion dollar contract.

During business school, Will consulted 2 non-profit organizations as part of a series of national consulting case competitions. He set strategic priorities, optimized business operations, and developed a process to qualify new revenue streams for his non-profit clients. These initiatives resulted in 15-20% increase in annual surplus.

In his spare time, Will can be found at local coffee shops around Los Angeles, traveling to different countries, or hanging out with his cat.

How Can You Maximize SaaS Security Benefits?

Let's get started with a live demo

Latest blog posts

Beyond Add-Ons: Elevating Browser Governance Against Malicious and ...

Browser extensions, plugins, add-ons – these tools may have many names but they have even... Read more

PELEG CABRA | SERGEY PERSIKOV

Perception Point

backup comparison checlist

Regulations and Best Practices for Office 365 Backups: Europe Edition

Why do you need special accommodations for Office 365 Backups in Europe? For businesses using... Read more

Avatar photo

CEO and Founder

Top 10 Low-Risk Applications and Extensions for Google Workspace

Top 10 Low-Risk Applications and Extensions for Google Workspace

Google Workspace is an extremely popular SaaS productivity suite used by millions of organizations today.... Read more

Avatar photo

Vice President of Product