Configure Office 365 MFA

STEP 1:
Log in to portal.office.com as a Global admin,
then click Admin.

STEP 2:
Click Users and then Active users.

STEP 3:
Then click Multi-factor authentication.

STEP 4:
This tab will appear.
Before enabling the MFA, service settings must be configured.
Select service settings.

STEP 5:
Select the settings agreed with the customer.
Each service setting is explained below.

EXPLANATION OF SERVICE SETTINGS

Source: https://learn.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#verification-methods

1. App passwords
Some older, non-browser apps like Office 2010 or earlier and Apple Mail before iOS 11 don’t understand pauses or breaks in the authentication process. A Multi-Factor Authentication (MFA) user who attempts to sign in to one of these older, non-browser apps can’t successfully authenticate. To use these applications in a secure way with Azure AD Multi-Factor Authentication enforced for user accounts, you can use app passwords. These app passwords replace your traditional password to allow an app to bypass multi-factor authentication and work correctly.
Note: App passwords don’t work with Conditional Access based multi-factor authentication policies and modern authentication. They are also considered less secure than using your phone for authentication. As an administrator, you can remove this option for users when enabling MFA.

2. Trusted IPs
The trusted IPs feature of Multi-Factor Authentication bypasses multi-factor authentication prompts for users who sign in from a defined IP address range. You can set trusted IP ranges for your on-premises environments. When users are in one of these locations, there’s no Azure AD Multi-Factor Authentication prompt.

3. Verification options

Method: Explanation

Call to phone: Places an automated voice call. The user answers the call and presses # on the phone to authenticate. The phone number isn’t synchronized to on-premises Active Directory.

Text message to phone: Sends a text message that contains a verification code. The user is prompted to enter the verification code into the sign-in interface.

Notification through mobile app: Sends a push notification to the user’s phone or registered device. The user views the notification and selects Verify to complete verification. The Microsoft Authenticator app is available for Windows Phone, Android, and iOS.

Verification code from mobile app or hardware token: The Microsoft Authenticator app generates a new OATH verification code every 30 seconds. The user enters the verification code into the sign-in interface. The Microsoft Authenticator app is available for Windows Phone, Android, and iOS.

4. Remember multi-factor authentication on trusted device
With “Remember Multi-Factor Authentication” you allow users to disable MFA temporarily on trusted devices for a limited number of days. You can change the number of days.
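
Because every address inside a trusted IP range skips the MFA prompt, the list agreed with the customer is worth reviewing before it is typed into service settings. The following is an added example, not part of the original article or of any Microsoft tooling: it assumes IPv4 ranges in CIDR notation, uses a review threshold of /24 chosen for this example, and runs on constructed sample ranges and sign-in addresses.

```python
import ipaddress

# Assumption for this example (not a value from the article): prefixes
# shorter than /24 are flagged as broad and need explicit sign-off.
MIN_PREFIX = 24
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def review_trusted_ranges(cidrs, min_prefix=MIN_PREFIX):
    """Return (valid networks, findings) for a proposed trusted IPs list."""
    networks, findings = [], []
    for raw in cidrs:
        try:
            # strict=True rejects entries such as 203.0.113.10/24 (host bits set)
            net = ipaddress.ip_network(raw.strip(), strict=True)
        except ValueError as exc:
            findings.append((raw, f"invalid range: {exc}"))
            continue
        networks.append(net)
        if any(net.overlaps(p) for p in RFC1918):
            # A cloud sign-in service sees the public egress address, not this one
            findings.append((raw, "RFC 1918 range: use the public egress address"))
        if net.prefixlen < min_prefix:
            findings.append(
                (raw, f"broad range: {net.num_addresses} addresses skip the MFA prompt"))
    return networks, findings

def mfa_prompt_skipped(source_ip, networks):
    """True if a sign-in from source_ip falls inside a trusted range."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in networks)

# Constructed sample data, not real customer ranges
PROPOSED = ["203.0.113.0/24", "198.51.100.7/32", "192.168.1.0/24",
            "198.51.0.0/16", "203.0.113.10/24"]
SIGN_INS = ["203.0.113.45", "198.51.100.8", "192.0.2.20"]

if __name__ == "__main__":
    nets, findings = review_trusted_ranges(PROPOSED)
    for raw, note in findings:
        print(f"REVIEW {raw}: {note}")
    for ip in SIGN_INS:
        state = "no MFA prompt" if mfa_prompt_skipped(ip, nets) else "MFA prompt"
        print(f"{ip}: {state}")
```

In the sample, 198.51.100.8 is not the single address that was listed, yet it still skips the prompt because the broad /16 entry covers it.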

Microsoft365 for Business

STEP 6:
After configuring the settings, click save.

STEP 7:
After configuring and saving the service settings, select users (1).
Select all next to display name (2), or select the users to whom you will apply MFA, and then click enable (3).

STEP 8:
Select all (1) or the specific users and click Enforce (2).
Enable turns MFA on. Enforce makes sure the users actually set it up before continuing at their next sign-in.
