Update: Due to some changes in how MS handles MFA in O365, I’ve had to completely re-write this article. Updated instructions follow.
MFA in O365
Office 365 MFA is probably the best thing to enable for securing the environment. Microsoft has gone through a number of iterations on setting this up, but has finally settled on the current setting, which is called “Enable Security Defaults.” That’s a weird thing to call it, since it isn’t set by default. Enabling security defaults will enforce MFA on all users. Here’s how to set it up.
Configure Security Defaults
1. Enter the Admin console in O365 and select “Setup”
2. Select “Protect your org with security defaults (MFA)”
3. Click on “Get Started”
4. The option to enable security defaults should already be checked. If not, check it, then click Save Changes
Once those steps are done, MFA will be enabled and enforced for all users in the environment. Using security defaults is an easy way to enable MFA, but understand that you don’t have much granular control. Granular controls for MFA have to be configured through the Azure AD Conditional Access system. I will go over this at a later date, so stay tuned!
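To confirm the result of the steps above without clicking through the portal, here is an added example (not part of the original article) that reads the Security Defaults setting and any enforced Conditional Access policies with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph.Authentication and Microsoft.Graph.Identity.SignIns modules are installed and that the signed-in account can consent to Policy.Read.All; the function name Get-MfaEnforcementSummary is made up for this example.

```powershell
# Added example, not from the original article.
# Assumes: Microsoft.Graph.Authentication and Microsoft.Graph.Identity.SignIns
# are installed, and the account can consent to the Policy.Read.All scope.

function Get-MfaEnforcementSummary {
    [CmdletBinding()]
    param()

    # Tenant-wide Security Defaults switch (the setting enabled in the steps above).
    $defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy

    # Conditional Access policies that are actually enforced.
    # 'disabled' and 'enabledForReportingButNotEnforced' do not block sign-ins.
    $enforcedCa = @(Get-MgIdentityConditionalAccessPolicy -All |
        Where-Object { $_.State -eq 'enabled' })

    # 'ConditionalAccess' only means enforced policies exist; whether they
    # require MFA still has to be reviewed policy by policy.
    $mechanism = if ($defaults.IsEnabled) {
        'SecurityDefaults'
    } elseif ($enforcedCa.Count -gt 0) {
        'ConditionalAccess'
    } else {
        'None'
    }

    [pscustomobject]@{
        SecurityDefaultsEnabled = [bool]$defaults.IsEnabled
        EnforcedCaPolicyCount   = $enforcedCa.Count
        EnforcedCaPolicies      = $enforcedCa.DisplayName
        Mechanism               = $mechanism
    }
}

Connect-MgGraph -Scopes 'Policy.Read.All'
$summary = Get-MfaEnforcementSummary
$summary | Format-List

if ($summary.Mechanism -eq 'None') {
    Write-Warning 'Neither Security Defaults nor an enforced Conditional Access policy was found.'
}
```

After completing the steps in this article, SecurityDefaultsEnabled should be True and Mechanism should read SecurityDefaults.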