Quickly How to enable MFA for O365 users

by
How to enable MFA for O365 users

This article talks about how to enable MFA for O365 users

What is Multifactor authentication :

Multifactor authentication a security method that requires users to provide two or more distinct verification factors to gain access to a system or application. Instead of just a password, Multifactor authentication uses multiple types of evidence, such as something you know (a password), something you have (a phone or security key), or something you are (a fingerprint), to create layers of security and significantly reduce the risk of unauthorized access

Let’s do it step by step:

Visit to https://admin.microsoft.com/

You can read guidelines here : https://aka.ms/AuthenticationMFAGetStarted before enabling

Navigate to Users–> Active users–> then click on Multi-factor authentication

It will take you to the page of Entra admin center–> then select user –> click on enable Multifactor authentication

If your users do not regularly sign in thro the browser, you can send them to this link to register for Multifactor authentication: https://aka.ms/mfasetup

We are done here.

Enforce multifactor authentication

After multifactor auth is enforced, users will need to create app passwords to use non-browser applications such as Outlook or Lync. For security reasons app passwords are not available to admins, who will be able to sign in only with the browser.

Below are the settings related Multifactor authentication

If you wish you can disable Multifactor authentication

PowerShell Script for above manual task 

# Install MSOnline module if not installed
Install-Module MSOnline -Force -AllowClobber

# Connect to MSOnline
Connect-MsolService

# Get users (example: all users without Multifactor authentication)
$Users = Get-MsolUser -All | Where-Object { $_.StrongAuthenticationRequirements.State -ne "Enabled" }

foreach ($User in $Users) {
    $MFASettings = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $MFASettings.RelyingParty = "*"
    $MFASettings.State = "Enabled"

    Set-MsolUser -UserPrincipalName $User.UserPrincipalName -StrongAuthenticationRequirements $MFASettings

    Write-Host "Multifactor authentication enabled for $($User.UserPrincipalName)"
}

Conclusion :

Post reading above article reader will be able to enable and disable Multifactor authentication successfully.

Also Read  How to create an user in Office 365

Also you can read our article https://microbrother.com/how-to-add-multiple-contacts-in-o365/ on how to add multiple contacts in O365

Thank you ☺️

Leave a Comment