How to Enable Multi-Factor Authentication (MFA) in Office 365?

Requirement: Enable multifactor authentication for Office 365 users

How to Enable Multi-Factor Authentication in Microsoft 365?

Multi-Factor Authentication (MFA) adds an extra layer of security to your account and can help protect your data from unauthorized access in the event your password is compromised. MFA is not enabled by default. This article will show you how to enable MFA for your Microsoft 365 account.

We can enable MFA in Office 365 through the Microsoft 365 Admin Center:

  • Login to the Microsoft 365 Admin Center at https://admin.microsoft.com/
  • Expand “Users” and click on “Active Users”
  • Click on “Multi-Factor Authentication” button in the ribbon.enable multi factor authentication for office 365
  • Select the user(s) for which you want to enable MFA >> Click on “Enable” on the right side panel.enable multi factor authentication office 365 admin
  • Click on “enable multi-factor auth” to confirm enabling the multi-factor authentication for selected users.how to enable multi factor authentication in office 365

Bulk enable multi-factor Authentication in Office 365

You can bulk enable MFA for multiple users by selecting all of them on the “Multi-factor Authentication” page above. Alternatively, you can click on the “Bulk Update” button and follow the steps to enable MFA for bulk users in Office 365. It uses a CSV template to bulk update MFA settings for multiple users.

bulk enable multi factor authentication office 365

PowerShell to Enable Multi-factor authentication in Office 365

Currently, there is no method to enable MFA using the PowerShell V2 module, and we got to use the classic V1! Ensure you have installed the Azure AD PowerShell Module: How to Install the Azure AD PowerShell module?

Let’s enable MFA for one particular user account in Office 365:

$UserID = "[email protected]"

#Connect to Azure AD V1
Connect-MsolService

#Create a Strong Authentication Requirement Object
$SAR = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$SAR.RelyingParty = "*"
$SAR.State = "Enabled"

#Enable MFA for the user
Set-MsolUser -UserPrincipalName $UserID -StrongAuthenticationRequirements @($SAR)

To get all user accounts with MFA enabled, use:

Get-MsolUser | Where {$_.StrongAuthenticationMethods -like "*"}

You can enable Multifactor authentication for all user accounts with:

#Connect to Azure AD V1
Connect-MsolService

#Create a Strong Authentication Requirement Object
$SAR = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$SAR.RelyingParty = "*"
$SAR.State = "Enabled"

#Enable MFA for All User Accounts
Get-MsolUser -All | Where {$_.StrongAuthenticationRequirements.State -eq $null} | Set-MsolUser -StrongAuthenticationRequirements @($SAR)

Salaudeen Rajack

Salaudeen Rajack - SharePoint Expert with Two decades of SharePoint Experience. Love to Share my knowledge and experience with the SharePoint community, through real-time articles!

Leave a Reply

Your email address will not be published.