How to enable multi factor authentication in office 365

General discussion about this website.

How to enable multi factor authentication in office 365

Postby lalitarawat » Sun Apr 14, 2019 4:16 am

Cybersecurity is one of the major concerns for businesses, and it will remain the same if organizations don’t take the necessary steps to secure their data. In the last few years, you might have heard of more than a thousand hacking incidents, and Facebook data breach was on the top of the list. If you look closely, you’ll get to know that most of these incidents take place due to password negligence and poor security practices. So, it is clear that poor password-based security is not enough anymore.

While organizations are moving to Office 365 for a better cloud environment, it is vital to implement advanced options to secure the data. That’s where the Multi-factor authentication comes in place.

What is Multi-Factor Authentication?

Multi-factor authentication is an authentication technique that uses multiple methods to verify you are the rightful owner of the account. In short, it adds an extra layer of security to user sign-ins and transactions. The multifactor verification works with the following verification methods:

A passcode generated randomly
Via a phone call
A virtual or physical smart card or
A biometric device

This specific authentication method offers high security than simple passwords. Now, let’s see how to set up MFA in Office 365.

Setting MFA for Office 365 Users

First thing first, to set up multi-factor authentication, you must have Office 365 global administrator privilege. Now, follow the below steps to set up MFA for your users.

1. Go to Office 365 admin centre.
2. Now, select Users, and then chose Active users.
3. Click on More tab and select Setup Azure multi-factor auth. If you’re unable to see the “More” tab, then you don’t have global admin privileges.

4. Now, select the people for whom you want to enable the MFA. To see every user, change the Multi-

Factor Authentication status view at the top.

The views can have the following values, based on the user’s MFA state:

“Any” will display all the users, which is a default state.
“Enabled” means the person is enrolled in MFA.
“Enforced” means the users might not have finished the full registration. If the registration process is complete, then the users are using MFA.

5. Tick the “Checkbox” next to the people for whom you want to enable the MFA.
6. On the right-hand side, you’ll see the Enable and Manage user settings under the quick steps tab. Click on the Enable option.
7. A dialog box will appear on the screen; select enable multi-factor auth.

Allowing Users to Create Password for Office 365 Apps Using MFA
Once the MFA is enabled per user, they won’t be able to use a non-browser client like Outlook 2013 with Office 365, unless they create an app password. An app password created with the Azure portal allows users to avoid MFA to continue to use their application.

All client applications of Office 365 support MFA using the Active Directory Authentication Library (ADAL). It means an app password is not required for Office 2016. But, make sure your Office 365 subscription is enabled for ADAL. To confirm this, connect to Exchange Online PowerShell, and run this command:

Get-OrganizationConfig | Format-Table name, *OAuth*
Now, to enable ADAL, use the following command:
Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

Note: You need Office 365 global admin privilege to perform these steps:
1. Go to Office 365 admin centre.
2. Click on the Users tab, and then select Active users.
3. Select More, and then click Setup Azure multi-factor auth.
4. On the multi-factor authentication page, select service settings.

5. Now, select “Allow users to create app passwords to sign into non-browser apps” under app passwords.
6. Click Save and close the wizard.
Managing MFA User Settings
1. To manage the MFA user settings, go to Multi-factor authentication page and select the users for whom you want to manage.
2. Select Manage user settings under quick steps on the right.
3. Now, select one or more of the following options in the Manage user settings:
Require selected users to provide contact methods again.
Delete all existing app passwords generated by the selected users
Restore multi-factor authentication on all remembered devices
4. Click Save and close the wizard.
Bulk Updating of Users in MFA
The status of existing people in MFA can be updated in bulk using a CSV file. The CSV file is only used to enable and disable MFA for users based on their name present in the file. Following are the steps to bulk update in MFA.
Go to multi-factor authentication page and click bulk update.
Click Browse for the file in the Select a CSV file dialog box.
Select the file that contains the updates and Open it. Make sure, the column headings in your file matches the column headings in the below example:
Click the Next arrow.
Once the file is verified, click Next to update the accounts.
When the process is complete, click Done.
This way you can easily update MFA for users in bulk.

Multi-factor authentication has become necessary for organizations to secure the data of their users. So, following the above steps, the admin can easily set up the multi-factor authentication. However, if you’re finding it difficult, then Server Consultancy experts can easily implement multi-factor authentication for your users. (
Posts: 1
Joined: Sun Apr 14, 2019 4:08 am
Location: United Kingdom

Return to General

Who is online

Users browsing this forum: No registered users and 2 guests