Enable Multi-Factor Authentication for your Organization
Last Updated: October 18, 2019This article describes how to set up multi-factor authentication (MFA) for Office 365 users. You get a free version of Azure multi-factor authentication as part of your Office 365 for business subscription.
Enable MFA for your organization:
Modern authentication in Exchange Online enables authentication features like multi-factor authentication (MFA) using smart cards, certificate-based authentication (CBA), and third-party SAML identity providers.
-
To enable modern authentication, from the admin center, turn on the new admin center by selecting Try the new admin center toggle located at the top of the Home page.
-
Select Settings > Services & add-ins and then choose Modern authentication from the list.
-
Check the Enable modern authentication box in the Modern authentication panel.
Set up MFA in the new Microsoft 365 admin center:
-
In the admin center, turn on the new admin center by selecting the Try the new admin center toggle located at the top of the Home page.
-
In the left navigation pane, select Setup.
-
Under Setup > Turn on multi-factor authentication (MFA), select View.
-
On the Turn on multi-factor authentication (MFA) page, select Get started.
-
Select the Require multi-factor authentication and Require users to register for multi-factor authentication and block access if risk is detected check boxes.
-
Under Do you want to exclude anyone from these policies, select any users that you want to exclude from the drop-down list box; you may want to exclude users like service accounts used by an automated service that cannot provide MFA tokens.
-
Select Create policy. You will return to the Turn on multi-factor authentication (MFA) page, which will now say Completed.
Note: After you set up multi-factor authentication for your organization, your users will be required to set up two-step verification on their devices.
Set up MFA in the old Microsoft 365 admin center:
-
In the admin center, go to Users > Active users.
-
IMPORTANT: BEFORE you select a user, select Multi-factor authentication from the drop-down list above the list of users.
Note: If you don't see the Multi-factor authentication option, then you aren't a global admin for your subscription. Only global admins can enable or disable MFA. -
On the multi-factor authentication page, find the people for whom you want to enable MFA. In order to see everyone, you might need to change the Multi-Factor Auth status view at the top.
• Any: Displays all users. This is the default state.
• Enabled: The person has been enrolled in MFA, but has not completed the registration process. They will be prompted to complete the process next time they sign in.
• Enforced: The person may or may not have completed registration. If they have completed the registration process, then they are using MFA. Otherwise, they will be prompted to completed the process next time they sign in. -
Select the check box next to the people for whom you want to enable MFA.
-
On the right, under quick steps, you'll see Enable and Manage user settings. Select Enable.
-
In the dialog box that opens, select enable multi-factor auth.