The last thing you want to happen is when your (global) admin accounts are compromised. One easy way to avoid this is to enable multi factor authentication or MFA for you tenant admin accounts.
To achieve this, go to the Office 365 admin center and select the active users. Click More and select Multifactor Authentication setup as shown below:
You’ll see a list of all users in your organization that have MFA enabled. If this is the first time you’re here, most likely all users will have MFA set to disabled.
To show only the Global Administrators select Global Administrators in the View dropdown box. Select the Global Administrator and select Enable under Quick Steps.
In the pop-up box, select enable multi-factor auth to continue
In the Updates Successful popup, click Close to continue.
To configure MFA, logon with the Global Admin account you just enabled MFA for. In the Additional Security Verification windows, select the verification method. This can be a text message (SMS) or Microsoft can call you as shown in the following screenshot:
When you click Next, a verification message will be sent. Enter it and click Verify to continue. For my Global Admin MFA, I don’t need any app passwords, so I’ll leave that for now and click Done.
You have now enabled Multi Factor Authentication for your Global Admin account, and a step closer to a more secure Office 365 environment. Oh, and please, don’t forget to enable this for all your Global Admin accounts of course.
I’m curious to see what the Secure Score analyzer says about this change. The analyzer runs once a day (1AM PST which equals 9AM GMT). It needs a couple of hours, plus it takes over 48 hours to reflect on the portal…. so I’ll just wait….
2 thoughts on “Multi Factor Authentication MFA in Office 365 for Admin Accounts”
Why not use the Conditional Access MFA 🙂 Then you can whitelist internal network so you not have to constantly MFA (like a lazy admin). Curious if that will affect Secure Score though.
Not everything at the same time (is that correct English? 🙂