It is a good idea to enable multi-factor authentication (MFA) for all users on your Office 365 tenant. The good news is there are a number of available versions of Azure multi-factor authentication depending on your requirements and available budget. This post covers the options for enabling MFA for users with just Office 365 E3 and E5 Licenses.
Azure multi-factor authentication (MFA) can be enabled per user or for all user logins through Security Defaults:
- In your Office 365 Admin Center, click on the left-hand navigation link: Active Users or go directly via the link below
- Click on the Multi-factor Authentication Option
- Enable or disable MFA for each user as desired
- Enable Security Defaults
Alternatively, Microsoft offers Enabling Security Defaults: a streamlined approach for enabling MFA for all users and ensuring MFA is enforced for all administrators. This is directed at smaller organisations who want MFA set on all admin accounts, or don’t want the expense of purchasing additional Azure AD P1 or P2 licenses to enable MFA through conditional access.
Navigate to the properties option in the Azure AD admin portal. then, click on the Manage Security Defaults link at the bottom of the screen.