قالب وردپرس درنا توس
Home / Tips and Tricks / How to enforce multi-factor authentication for all users of your Office 365 subscription

How to enforce multi-factor authentication for all users of your Office 365 subscription

  office 365 logo

Multi-Factor Authentication (MFA) is an excellent security tool, and we always recommend it. Office 365 administrators can enforce MFA for users, so you can protect anyone who shares your Office 365 business subscription.

You must be an Office 365 administrator, which is only the case for a business plan. If your Office 365 subscription is part of a domain hosting package, you have access to the Admin console. However, if you have just purchased a personal subscription (or a home subscription for your family), you will not have access to the Admin console, and you will only be able to activate MFA for yourself. If you're not sure, click the Office 365 app launcher and look for the admin tile.

  The Admin Tile on the O365 App Launcher

If this is the case, you will have access to the Admin Console. Click on the "Admin" tile and click Settings> Services and Add-ins in the menu on the left.


This opens the Services and Add-Ins page Make various changes at the tenant level. One of the top elements will be "Azure Multi-Factor Authentication".


Click this button, and in the window that opens, click Manage Multi-Factor Authentication.


This brings you to the side of multi-factor authentication. You can activate MFA immediately for anyone using your Office 365 subscription. But first you should familiarize yourself with the default settings. Click on "Service Settings".


You can change the desired settings or leave them as default settings. One possible setting for changing is whether MFA can be stored on a device or not. By default, this option is disabled, but if you turn it on, your family will not have to go through the MFA process each time they check their emails or edit a document. A device may be at 14 before re-authenticating, which means that a phone / tablet / computer is trusted for 14 days before the user must go through the MFA process again. Having to go through the MFA process is easy, but every 2 weeks on every device your family uses may still be too much and you have the option to set that value to 60 days.

If If you make changes to this or any other setting, click "Save" at the bottom of the panel to save the changes, and then click "User" to turn MFA back on.


Now that you've verified that the settings are correct, you can enable MFA for each user. Select the users for whom you want to enable MFA.

 The user table with a selected user

Click the "Enable" option to the right of the users' table. [19659003]   The activation option

On the confirmation screen, click Enable Multi-Factor Authentication.


This enables the MFA for the user The next time they log in to Office 365 on the Web, they must set up MFA. If you do not sign up very often (or you want to make sure you're around to help them through the process), you can also send them the link on the confirmation screen so they can set up the MFA at the same time. The link is https://aka.ms/MFASetup, which is the same for anyone setting up MFA.

If you click Enable Multi-Factor Authentication, you see a success message that you can close

 The MFA

is now enabled for the user. Now they have to set it up. Whether you wait until the next logon or use the link above, the process for setting up MFA is exactly the same.

Log in to your Office 365 account as usual, and a screen will appear saying "Your organization needs more information to keep your account safe."

 The beginning of the O365 sign-in process

Click Next to go to the Additional Security Review window You can choose your MFA method. We always recommend using an authentication app and you must use Microsoft Authenticator with Office 365. Even using MFA via SMS is still better than having no MFA. So choose the method that works best for you in the first drop-down menu.


We will use a mobile app that will modify the available configuration options. First, you'll need to choose whether to receive "confirmation notifications" (that is, a message appears in the Microsoft Authenticator app on your phone that prompts you to approve or deny logging in to your account) or whether Use "verification code" (This means that if you sign in to Office 365 on your phone, you will need to enter a code generated by the Microsoft Authenticator app.) It will either work well and it will be up to you what you choose You click on the "Setup" button to set up the app.

 Option Buttons for Selecting the Contact Method

At this point, a window displaying the installation will be displayed on the Microsoft Authenticator app on your phone, and either scan a QR code or enter a code and URL instead if you can not scan the QR code, if you did n, click Next to return to the Additional Security Check window, which indicates that the activation status is being reviewed.


This may take a few seconds to complete, and upon completion of the message it will appear that MFA has been configured.

 The successful MFA configuration message

Click Next, and Office 365 verifies that everything is working. Depending on which option you've selected for review, either a deny or confirm message will be sent to your app, or you'll be prompted to enter code from the app. In this example, a Deny or Approve message has been sent and a response is waiting.

 A message is displayed while waiting for a response to the test notification.

After you confirm this MFA If you lose access to the app, you will be asked for a phone number.

 Cell Phone Number Text Box

This phone number is used as a backup for using SMS phone calls or calls if you can not use the Microsoft Authenticator app. Eg if you do not have WLAN (or if you have used up the data of your monthly plan and you are on the way). It can also be used if you have lost your phone. Therefore, you might want to dial the number of a family member instead of your own member. When you have entered a number, click "Next" to display the last screen.

<img class = "alignnone wp-image-410073 size-full" data-pagespeed-lazy-src = "https://www.howtogeek.com/wp-content/uploads/2019/04/x18-MFA -Setup-8.png.pagespeed.gp + jp + jw + pj + ws + js + rj + rp + rw + ri + cp + md.ic.UxaUMvf30D.png "alt =" The password field for the app and the Done button "width =" 619 "height =" 262 "src =" /pagespeed_static/1.JiBnMqyl6S.gif "onload =" pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon (this); "onerror =" this.onerror = null; pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon (this); it is now recognized as being created for MFA use.You must now use this password for each of the following apps that you typically use:

  • Outlook desktop app for your PC or Mac
  • Email apps (except the Outlook app) for iOS, Android, or BlackBerry device
  • Office 2010, Office for Mac 2011 or earlier
  • Windows Essentials (Photo Gallery, Movie Maker, Mail)
  • Zune Desktop Application [19659043] Xbox 360
  • Windows Phone 8 or earlier

The next time you try to open one of these apps, you will be prompted for your password. Copy it from here and use it when prompted. We can confirm that Outlook needs to use the generated password on your computer, but the Outlook app on your phone does not, and yes, we find it odd, but it's not hard.

Click Done. You will be returned to the login screen to log in as usual, but this time with MFA. It's a simple, fast process that provides valuable added security and is highly recommended by How-To Geek.

Source link