With the ever-growing threat of cyberattacks, it is essential to protect your data and information. Multi-factor authentication (MFA) is an ideal way to strengthen your security and protect your information from unauthorised access.
This guide will take you through the steps required to enable MFA in Microsoft 365 and provide you with the necessary tools and information to ensure your security is up to date and protected.
Multi-factor authentication (MFA) is an authentication method that requires the user to provide two or more pieces of authentication to verify their identity before they can access an account.
Multi-factor authentication is often broken down into two categories: Something you know, and something you have. Something you know refers to a login password or PIN. Something you have can be in the form of an app on your mobile device that generates a one-time code, a token/key fob, a biometric device, or a dedicated hardware device.
You may think that enabling MFA is sufficient to protect your data and users. However, you may be missing an opportunity to strengthen your security further with the use of more advanced MFA settings. Microsoft claims that MFA can help prevent 99.9% of account attacks; advanced MFA settings will strengthen your security posture even more.
Advanced MFA settings allow you to specify MFA settings for specific users and groups, as well as set Expiration and Retry Rules. By enabling these more advanced settings, you can control the MFA experience for your users and ensure that your data is as secure as possible.
Microsoft 365 supports MFA through verification codes sent to the user’s phone, phone calls, or through the Microsoft Authenticator app. As an admin, there are three ways you can set up MFA in M365 for your users: security defaults, conditional access, and legacy per-user MFA.
By turning on Microsoft 365’s security defaults, you will enable pre-configured security settings provider by Microsoft to help protect your business from identity-related attacks. This will include automatically enabling MFA for all user accounts, including admins.
To turn on security defaults:
Conditional access allows you to create specific policies with complex security requirements tailored to the needs of your business; for example, you can create policies to determine whether or not users will be granted access when their sign-ins are evaluated under the conditions you have specified.
You can also assign MFA requirements based on group memberships instead of configuring the settings for individual accounts.
To enable MFA with conditional access:
This option is the most cumbersome of the three, as you will have to configure each individual account’s settings.
To configure the user’s settings:
Microsoft does not encourage changing a user’s status to enforced unless they have registered.
Once you have configured MFA to your specific business requirements, you can manage the strength. Microsoft 365 allows admins to create up to 15 custom authentication strengths.
To create custom MFA strength:
Managing the strengths of your MFA settings will ensure increased security for your M365 user accounts, but knowing which custom settings to apply may take trial and error methods that you don’t have time for.
The Microsoft 365 specialists at Essential Tech can help you configure MFA settings that will suit your business needs, users, and ensure an increased security posture the first time around. Talk to them today.