You can use Microsoft’s free Multi-Factor Authentication (MFA) application to further increase the security of your Office 365 users in your organization.
Of course, for this, your organization must have minimum Azure AD, Microsoft 365 and Microsoft 365 license types.
For more, you can visit the addresses below;
Secure user sign-in events with Azure AD Multi-Factor Authentication
Set up multifactor authentication for Microsoft 365
Multifactor authentication for Microsoft 365
Features and licenses for Azure AD Multi-Factor Authentication
If you want to enable MFA for all or some of your users in your organization, you can follow the steps below;Method 1
: You can access the MFA area via the console and take action for users.
Login to Office 365 Admin Center –> Active Users –> Multi-factor authentication
Method 2
: You can do it using Connect-MsolService cmdlet powershell commands.
You can use three different methods, “EnablePerUserMFA”, “BulkImportEnable” and “EnableAllUserMFA”.
#ConnectMsolService
Connect-Msolservice
#EnablePerUserMFA
$user = "alias@domainname"
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$st.RelyingParty = "*"
$st.State = "Enabled"
$sta = @($st)
Set-MsolUser -UserPrincipalName $user -StrongAuthenticationRequirements $sta
If you want to enable MFA for more than one user or certain departments;
First we organize your users in csv file type
UserPrincipalName
alias1@domainname
alias2@domainname
alias3@domainname
alias4@domainname
alias5@domainname
alias6@domainname
#BulkImportEnable
$users = Import-Csv "C:\Temp\MFAEnable.csv" foreach ($user in $users) { $st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $st.RelyingParty = "*" $st.State = "Enabled" $sta = @($st) Set-MsolUser -UserPrincipalName $user.UserPrincipalName -StrongAuthenticationRequirements $sta } Write-Host "Script is Running.." Read-Host -Prompt "Script is Completed, Press Enter to Exit."
#EnableAllUserMFA
$st = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement $st.RelyingParty = "*" $st.State = "Enabled" $sta = @($st) Get-MsolUser -All | Set-MsolUser-StrongAuthenticationRequirements $sta
Have a nice day !