How To Enforce MFA On O365

Tips and Essentials
  • Global Admin Access
  • Exchange Online Management Module for PowerShell installed (guide on how to install below)
  • The best thing to do is to schedule this to happen over the weekend so that users can start working again as soon as they log in on Monday morning.
Enforce MFA on o365 tenant for all users
  1. Install Exchange Online Management Module for PowerShell
  • Run PowerShell as Administrator on your computer
  • Run the following commands:
Press “A” and then “Enter” on your keyboard. Now, to install Exchange Online Management module, use the following command: Again, press “A” and then “Enter”. This may take a minute or two to install.
  1. Enable Modern Authentication for your Office 365 tenant
  • Here you will need to use the previously installed Exchange Online Management module
  • Run the following commands:
To import the Module:   You will be prompted with an Office 365 log in page, please make sure to log in with your Global Admin account. Once logged in, run the following command:   This will Enable Modern Authentication for all O365 users on your tenant. Again, this may take a few minutes to complete so please be patient. Once done, run the following command to make sure it’s enabled: If the previous command was successful, you should see message that will look like the one below:  
  1. Next steps will have to be done by logging into as Global Admin
Once logged in, click on “Active Users” and then “Multi-factor authentication”   Here comes a very important part of the MFA set up, please follow the steps below: Click on Service Settings I the top left corner     You will have a few options to choose from here. First one we will have a look at is the APP Passwords. We recommend switching this option off if you would like the users to be able to approve their sign into Office Apps such as Outlook and 3rd party apps like Apple Mail via Microsoft Authenticator App or text message.   Next setting we will have a look at is the Verification Options: Here it is entirely up to you have you would like the users to be able to Authenticate, however, our recommendations are as follows:
  • Notification Through the Mobile App
  • Verification Code
  • Text Message to Phone
These are the easiest options to set up and users will be able to choose their preferred method. The final setting on this page is to set how long will the devices on will be remembered for on user’s accounts.   Switching this setting off completely is more secure, however, users might get frustrated by having to verify their sign in to Outlook every morning for example. We recommend keeping this setting on 90 days. Once your settings are set the way you want them to be, click on “Save” and go back to the “Users” tab.  
  • Tick all the users that you would like to enable the MFA for.
  • Click on Enable on the right-hand side.
  • Then click on Manage User Settings and chose the following options and hit Save:
Once this is done, tick all the users again and click on Enforce on the right hand side.   Now all that the users need to do is log in to where they will be automatically prompted to provide more information such as their mobile number or to register with a Microsoft Authenticator App. This process is very straight forward.  
Last updated on 22 Mar 2022
791 reads
Tell us what you think?00