Level Up

Challenge #12

Strengthen Administrative Security with MFA

Elevate the security of your administrative accounts in Microsoft 365 by implementing Multi-Factor Authentication (MFA), a crucial step in defending your organization’s core operations.

a network infrastructure requiring protection with multifactor authentication

Why?

Administrative accounts in any organization are akin to holding the keys to the castle. They possess elevated access and control, making them prime targets for cyber attacks. Simply having a strong password is no longer sufficient for these high-stakes accounts. That’s where Multi-Factor Authentication (MFA) comes into play.

Implementing MFA for administrative roles is more than an added security layer; it’s a fundamental necessity. MFA requires a secondary form of verification, such as a code from a mobile app or a biometric scan, making it exponentially harder for unauthorized individuals to gain access. This means that even if a password is compromised, the chances of a security breach are significantly minimized. For small and medium-sized businesses (SMBs), where every resource counts, MFA offers an efficient, cost-effective way to safeguard your most sensitive and critical access points.

How?

Microsoft has largely enabled multifactor authentication policies to protect administrative accounts in Microsoft 365. Let’s ensure our settings protect our critical administrative accounts.

    Step 1: Go to the Microsoft Entra Admin Center

    On your computer, launch a new browser window (Edge, Chrome), and type in https://entra.microsoft.com/ and press enter.

    Note: You will require Microsoft 365 administrative credentials – be sure to have the username and password ready.

    Step 2: Access Identity Protection

    Within the Microsoft Entra Admin Center:

    • Look for and select Identity on the left-hand menu
    • Under Identity select Identity Protection
    • Now select Conditional Access
    Step 3: Validate or Create a Conditional Access Policy
    • Within the Conditional Access window, select Policies
    • Now select the Require MFA for admins policy
    • If this policy does not exist, select New policy and follow along to match the required settings
    Step 4: Validate or Define our Conditional Access Policy settings for Users
    • Within the Require MFA for admins policy window, scroll down and select the link under Assignments / Users
    • In the new blade that opens, under Include we want to Select users and groups, and Directory Roles as the only checked option.
    • Now, select the drop down box, and check the mark beside each built-in directory roles to include in the policy:
      • Application Administrator
      • Authentication Administrator
      • Authentication Policy Administrator
      • Billing Administrator
      • Cloud Application Administrator
      • Conditional Access Administrator
      • Exchange Administrator
      • Global Administrator
      • Groups Administrator
      • Helpdesk Administrator
      • License Administrator
      • Office Apps Administrator
      • Password Administrator
      • Power Platform Administrator
      • Privileged Authentication Administrator
      • Privileged Role Administrator
      • Security Administrator
      • Service Support Administrator
      • SharePoint Administrator
      • Teams Administrator
      • User Administrator
    Step 5: Validate or Define our Conditional Access Policy settings for Target Resources
    • Still within the Require MFA for admins policy window, scroll down and select the link under Target Resources
    • In the new blade that opens, under Include we want to select All cloud apps
    Step 6: Validate or Define our Conditional Access Policy settings for Target Resources
    • Still within the Require MFA for admins policy window, scroll down and select the link under Target Resources
    • In the new blade that opens, under Include we want to select All cloud apps
    Step 7: Enable Policy
    • Still within the Require MFA for admins policy window, scroll down and select enable policy to be On
    • Now, on next login, administrative accounts will be prompted to enroll with Microsoft Authenticator.

    While you’re here…

      Are you prepared for Windows 10 end of life?

      Are you prepared for Windows 10 end of life?

      As we approach October 2025, the end-of-life for Windows 10 looms on the horizon, presenting a pivotal moment for technological advancement and security for small and medium-sized businesses. This isn’t merely an operating system update; it’s a strategic move to future-proof your business operations. Is your business prepared for the switch?

      read more
      You Have Microsoft Teams. Now Uncover Value Beyond Meetings

      You Have Microsoft Teams. Now Uncover Value Beyond Meetings

      Discover the untapped potential of Microsoft Teams for your business with our latest insight. Beyond just chat and meetings, Microsoft Teams is a powerful tool for transforming your business operations. Learn how it can streamline communication, enhance project management, and foster collaboration across various sectors, from healthcare to education.

      read more
      Leveraging the Microsoft Digital Defense Report for Robust SMB Protection

      Leveraging the Microsoft Digital Defense Report for Robust SMB Protection

      Microsoft’s 2023 Digital Defense Report is a critical resource for Small and Medium-sized Business (SMB) leaders, offering valuable insights for transforming cybersecurity challenges into growth opportunities. The report highlights a shift in cyber threats, emphasizing the increasing complexity of supply chain vulnerabilities, ransomware, and phishing operations. It serves as a guide for SMBs to navigate these threats and protect their future.

      read more