Multi factor authentication is a security layer used to protect user accounts. In Microsoft 365, it provides various options for configuring and using the MFA. For all Microsoft 365 plans, we have a basic MFA included in it which can be configured, enabled, and managed using the Microsoft 365 Admin center. For more granular security options, we can purchase Azure AD premium licenses which provides these capabilities.
We will now see the options available within the Microsoft 365 admin portal,
- Login to M365 admin center -> Users -> Active Users -> Select “Multi-factor authentication”
- A new tab opens with the MFA options. Here the key point is that “Users” tab is the first page where we can enable/disable/enforce the MFA for the specific users or all
-
Before Enabling MFA, go to “Service Settings” tab to verify and modify the MFA settings
- App Passwords: These passwords are generated once and to be entered as a second verification method for the non-browser apps like outlook, etc. For more information, please check here
- Trusted ips: These are IP ranges where MFA will be skipped
- Verification Options: These are the options available for the user to get the secondary authentication process to access the services. Kindly check the phone carrier services before enabling call/text to phone if users are of roaming profiles
- Trusted Device: If enabled, users doesn’t have to challenge MFA on their trusted devices for the number of days configured
So, we have now seen the options available for MFA with the Microsoft 365 licenses. Microsoft also provides more features for MFA like conditional access, MFA reports, Fraud alerts, and more but these are included as part of Azure AD premium licenses and manged using the Azure AD portal. For more information on the licensing for MFA, please check here
Happy learning!!