Skip to content

Enable MFA for All Office 365 Users using Azure Active Directory Identity Protection.

Published by lazy-admin on Mar 12, 2019

Enable MFA for All Office 365 Users using Azure Active Directory Identity Protection.

“Azure Active Directory Identity Protection provides a consolidated view of at risk users, risk events and vulnerabilities, with the ability to remediate risk immediately, and set policies to auto-remediate future events. The service is built on Microsoft’s experience protecting consumer identities and gains tremendous accuracy from the signal from over 13B logins a day.”

To get started you will have to login to Office 365 Admin Portal https://Portal.Office.com

From the Admin console, open Azure Active Directory.

A screenshot of a cell phone Description automatically generated

From the Azure Active Directory Portal, click on the search and type MarketPlace.

A screenshot of a cell phone Description automatically generated

From the MarketPlace in the Everything search bar type: Azure AD Identity Protection.

A screenshot of a cell phone Description automatically generated

Click on Azure AD Identity Protection then on the right-hand side click on Create.

A screenshot of a social media post Description automatically generated

Before completing the creation, you will be moved to a secondary window to select your Directory. Select the directory and click create.

A screenshot of a cell phone Description automatically generated

To get to Azure AD Identity protection portal, click on the search on top of the Azure portal and type Azure AD Identity Protection.

A screenshot of a computer Description automatically generated

The next step is to configure which users we want to enable MFA. For the purpose of this demo I will select a security group.

To get started, click on the MFA registration under CONFIGURE and then select Assignments.

A screenshot of a cell phone Description automatically generated

From the Assignments Menu, select “include” and then select “select individuals and groups”, Select the group who needs to have MFA enabled and click select at the bottom of the page.

A screenshot of a cell phone Description automatically generated

Click on Done at the next blade.

A screenshot of a cell phone Description automatically generated

Next you will be redirected back to the beginning and then select Controls.

A screenshot of a cell phone Description automatically generated

Then make sure MFA is selected and then click on Select.

A screenshot of a cell phone Description automatically generated

Next you can view what the impact of your change will be and how many users will be affected, so because I have selected a Security group on 3 users will be impacted.

A screenshot of a cell phone Description automatically generated

To complete the process, click on “Enforce Policy” and then click on Save at the bottom of the blade.

A screenshot of a cell phone Description automatically generated

And this is how you can enable MFA for all users or selected users in your Organization without having to enable it for individual users

 

.

Post Views: 1,256

Sharing is caring!

Published inAzure Active DirectoryAzure AD Identity ProtectionOffice 365

Be First to Comment

Leave a Reply

Your email address will not be published.