Level Up

Challenge #13

Implement MFA for All Users

Elevate your organization’s security by enforcing Multi-Factor Authentication (MFA) for all users, adding a critical layer of protection against unauthorized access.

secure authentication


Administrative accounts in any organization are akin to holding the keys to the castle. They possess elevated access and control, making them prime targets for cyber attacks. Simply having a strong password is no longer sufficient for these high-stakes accounts. That’s where Multi-Factor Authentication (MFA) comes into play.

Implementing MFA for administrative roles is more than an added security layer; it’s a fundamental necessity. MFA requires a secondary form of verification, such as a code from a mobile app or a biometric scan, making it exponentially harder for unauthorized individuals to gain access. This means that even if a password is compromised, the chances of a security breach are significantly minimized. For small and medium-sized businesses (SMBs), where every resource counts, MFA offers an efficient, cost-effective way to safeguard your most sensitive and critical access points.

Important Considerations

Implementing MFA for all users is a significant change and can greatly impact the user experience. It’s essential to prepare and educate your staff about this transition to ensure a smooth rollout:

  • Communicate in Advance: Inform your team about the upcoming implementation of MFA. Provide clear reasons why this change is necessary for enhancing security.
  • Training and Support: Offer training sessions and resources to help users set up and get comfortable with MFA.
  • Phased Rollout: Consider a phased approach to implementation, allowing users to adapt gradually to the new system.

If you have doubts or are concerned about making these changes on your own, we are more than happy to help.


To activate MFA for every user in your organization, follow these steps. Please also reference the resources section below to help you communicate change effectively with your staff.

    Step 1: Go to the Microsoft Defender Admin Center

    On your computer, launch a new browser window (Edge, Chrome), and type in https://security.microsoft.com/ and press enter.

    Note: You will require Microsoft 365 administrative credentials – be sure to have the username and password ready.

    Step 4: Enable the Attachments Filter
    • Within the Default policy window, scroll down and select Edit protection settings
    • Now we want to scroll back up until we see Protection Settings at the top
    • Just below Protection Settings, we want to check the box to Enable the common attachments filter
    • By default, several attachments are already included. You can view the current file types that are included by clicking Select file types
      • Within this window, you can choose to add more file types (by simply typing the file type extension without a preceeding period, such as “test”), or
      • You can also choose to exclude any file type extensions that may be critical to your business operations.
    • Once you are satisfied with the selections, click Done.
    • Back in the main window, you can now click Save.
    Step 2: Access Email & Collaboration Policies

    Within the Microsoft Defender Admin Center:

    • Look for and select Email & Collaboration on the left-hand menu
    • Under Email & Collaboration select Policies & rules
    • Now select Threat policies
    Step 3: Configure Anti-Malware Settings
    • Within the Threat policies window, select Anti-malware option under policies
    • Now select the Default policy

    Additional Resources

    These resources provide step-by-step instructions and are valuable for both administrators and end-users.

      Microsoft Authenticator Guide

      Microsoft’s guide walks end users through the Microsoft Authenticator configuration process on their phones. We recommend you provide this information to staff before enabling MFA in your Microsoft 365 tenant.

      While you’re here…

        How SMBs Can Outsmart Advanced Email Threats

        How SMBs Can Outsmart Advanced Email Threats

        Explore the criticality of email security for businesses, delving into sophisticated threats like Spear Phishing, BEC, and Ransomware, and identify practical steps for enhanced protection. The article highlights the gaps in Microsoft 365’s email defense and advocates for a layered security approach. With real-life examples and tangible results, we underscore the importance of proactive measures and Third Octet’s comprehensive solutions to safeguard your business email and infrastructure against evolving cyber threats.

        read more
        Microsoft Opens the Gates to Copilot for SMB

        Microsoft Opens the Gates to Copilot for SMB

        Microsoft’s Copilot for Microsoft 365, now accessible to SMBs, is redefining business efficiency and creativity. Integrating AI with familiar Microsoft applications, it streamlines tasks, boosting productivity. The expansion democratizes AI for SMBs, offering the same advanced tools as larger corporations. Third Octet emphasizes how Copilot tackles SMB challenges like productivity, data analysis, and cost-effective innovation. The future holds promises of enhanced AI learning, broader application integration, and advanced analytics, with Third Octet ready to guide businesses in leveraging these AI advancements.

        read more
        Are you prepared for Windows 10 end of life?

        Are you prepared for Windows 10 end of life?

        As we approach October 2025, the end-of-life for Windows 10 looms on the horizon, presenting a pivotal moment for technological advancement and security for small and medium-sized businesses. This isn’t merely an operating system update; it’s a strategic move to future-proof your business operations. Is your business prepared for the switch?

        read more