Multi Factor Authentication MFA in Office 365 for Admin Accounts

The last thing you want to happen is when your (global) admin accounts are compromised. One easy way to avoid this is to enable multi factor authentication or MFA for you tenant admin accounts.

To achieve this, go to the Office 365 admin center and select the active users. Click More and select Multifactor Authentication setup as shown below:

Active_Users

You’ll see a list of all users in your organization that have MFA enabled. If this is the first time you’re here, most likely all users will have MFA set to disabled.

To show only the Global Administrators select Global Administrators in the View dropdown box. Select the Global Administrator and select Enable under Quick Steps.

MFA_Enable

In the pop-up box, select enable multi-factor auth to continue

about_enable_MFA

In the Updates Successful popup, click Close to continue.

To configure MFA, logon with the Global Admin account you just enabled MFA for. In the Additional Security Verification windows, select the verification method. This can be a text message (SMS) or Microsoft can call you as shown in the following screenshot:

Additional_Security_Verification

When you click Next, a verification message will be sent. Enter it and click Verify to continue. For my Global Admin MFA, I don’t need any app passwords, so I’ll leave that for now and click Done.

You have now enabled Multi Factor Authentication for your Global Admin account, and a step closer to a more secure Office 365 environment. Oh, and please, don’t forget to enable this for all your Global Admin accounts of course.

I’m curious to see what the Secure Score analyzer says about this change. The analyzer runs once a day (1AM PST which equals 9AM GMT). It needs a couple of hours, plus it takes over 48 hours to reflect on the portal…. so I’ll just wait….

 

2 thoughts on “Multi Factor Authentication MFA in Office 365 for Admin Accounts”

  1. Why not use the Conditional Access MFA 🙂 Then you can whitelist internal network so you not have to constantly MFA (like a lazy admin). Curious if that will affect Secure Score though.

    Like

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s