How can I enable and configure Multi-Factor Authentication (MFA) for all users in Microsoft 365, and what are the recommended steps for a smooth rollout?

April Loreine Ariston 0 Reputation points
2024-10-29T15:28:53.47+00:00

I’m setting up Multi-Factor Authentication (MFA) for all users in Microsoft 365 through Azure Active Directory, aiming for a smooth rollout. I need guidance on both enabling MFA across the organization and the best way to configure it to avoid disruptions for users.


1 answer

  1. BANDELA Siri Chandana 160 Reputation points Microsoft Vendor
    2024-10-30T07:22:44.5566667+00:00

    Hi @Reine Ariston

    I understand that you are trying to enable MFA for all users in Microsoft 365. There are three ways to enable multifactor authentication: Security Defaults, per-user MFA, and a Conditional Access (CA) policy.

    Microsoft 365 for business gives you the option to use security defaults or Conditional Access policies to turn on MFA for your admins and user accounts. For most organizations, Security defaults offer a good level of sign-in security. But if your organization must meet more stringent requirements, you can use Conditional Access policies.

    Security defaults and per-user MFA do not need premium licenses, whereas a Conditional Access policy requires a premium P1 license.

    • To enable security defaults, follow these steps:

    1. Sign in to the Microsoft Admin Center as a Security Administrator.

    2. Browse to Identity > Overview > Properties.

    3. Select Manage security defaults.

    4. Set Security defaults to Enabled.

    5. Select Save.

    For more information: https://learn.microsoft.com/en-us/microsoft-365/business-premium/m365bp-turn-on-mfa?view=o365-worldwide&tabs=secdefaults#next-step

    • To enable per-user MFA, follow these steps:

    1. Sign in to Microsoft 365 admin center.

    2. Navigate to Users > Active users > multi-factor authentication.

    3. Select the users for whom you want to turn on MFA.

    4. Click the “Enable” option that appears to the right of the table of users.

    5. Click “Enable Multi-Factor Authentication” on the confirmation screen.

    • To enable a Conditional Access policy, follow these steps:

    1. Sign in to the Microsoft Entra admin center as at least a Conditional Access Administrator.

    2. Browse to Protection > Conditional Access > Policies.

    3. Select New policy.

    4. Give your policy a name. We recommend that organizations create a meaningful standard for the names of their policies.

    5. Under Assignments, select Users or workload identities.

    6. Under Include, select All users.

    7. Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.

    8. You might choose to exclude your guest users if you're targeting them with a guest user specific policy. Under Target resources > Resources (formerly cloud apps) > Include, select All resources (formerly 'All cloud apps').

    9. Under Exclude, select any applications that don't require multifactor authentication.

    10. Under Access controls > Grant, select Grant access.

    11. Select Require authentication strength, then select the built-in Multifactor authentication strength from the list.

    12. Confirm your settings and set Enable policy to Report-only.

    13. Select Create to enable your policy.

    14. After administrators confirm the settings using report-only mode, they can move the Enable policy toggle from Report-only to On.

    Hope this helps. Do let us know if you have any further queries.  

    ------------  

    If this answers your query, do click Accept Answer and Yes if this answer was helpful.

    Thanks,

    B. Siri Chandana.
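
The Conditional Access steps in the answer above, written as a Microsoft Graph conditionalAccessPolicy request body and checked before it is submitted for the initial rollout. This is an added example, not part of the original answer and not Microsoft's code; the function names, policy name and break-glass object IDs are constructed, and it assumes break-glass accounts are excluded by user object ID.

```python
MFA_STRENGTH_ID = "00000000-0000-0000-0000-000000000002"  # built-in "Multifactor authentication"
REPORT_ONLY = "enabledForReportingButNotEnforced"

def build_policy(name, break_glass_ids, excluded_app_ids=()):
    """Request body mirroring the Conditional Access steps in the answer."""
    return {
        "displayName": name,
        "state": REPORT_ONLY,  # step 12: start in Report-only
        "conditions": {
            "clientAppTypes": ["all"],
            "users": {"includeUsers": ["All"],                 # step 6
                      "excludeUsers": list(break_glass_ids)},  # step 7
            "applications": {"includeApplications": ["All"],   # step 8
                             "excludeApplications": list(excluded_app_ids)},  # step 9
        },
        "grantControls": {"operator": "OR",                    # steps 10-11
                          "authenticationStrength": {"id": MFA_STRENGTH_ID}},
    }

def rollout_findings(policy, break_glass_ids):
    """List the ways a policy deviates from the rollout described in the answer."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}
    if "All" not in (users.get("includeUsers") or []):
        findings.append("does not include all users")
    missing = sorted(set(break_glass_ids) - set(users.get("excludeUsers") or []))
    if missing:
        findings.append("break-glass accounts not excluded: " + ", ".join(missing))
    if "All" not in (apps.get("includeApplications") or []):
        findings.append("does not target all resources")
    strength = (grant.get("authenticationStrength") or {}).get("id")
    if strength != MFA_STRENGTH_ID and "mfa" not in (grant.get("builtInControls") or []):
        findings.append("grant control does not require MFA")
    if policy.get("state") != REPORT_ONLY:
        findings.append("state is %r, not report-only" % policy.get("state"))
    return findings

# Constructed sample object IDs (placeholders, not real accounts).
BREAK_GLASS = ["11111111-1111-1111-1111-111111111111",
               "22222222-2222-2222-2222-222222222222"]
good = build_policy("CA001-AllUsers-RequireMFA", BREAK_GLASS)
# Same policy, but enforced immediately and with no exclusions: the lockout risk.
risky = dict(good, state="enabled",
             conditions=dict(good["conditions"], users={"includeUsers": ["All"]}))
if __name__ == "__main__":
    print(rollout_findings(good, BREAK_GLASS), rollout_findings(risky, BREAK_GLASS))
```

Once the report-only results look clean, the state check is the one finding expected to change, since step 14 moves the policy to On.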

