Level Up

Challenge #13

Implement MFA for All Users

Elevate your organization’s security by enforcing Multi-Factor Authentication (MFA) for all users, adding a critical layer of protection against unauthorized access.

secure authentication


Administrative accounts in any organization are akin to holding the keys to the castle. They possess elevated access and control, making them prime targets for cyber attacks. Simply having a strong password is no longer sufficient for these high-stakes accounts. That’s where Multi-Factor Authentication (MFA) comes into play.

Implementing MFA for administrative roles is more than an added security layer; it’s a fundamental necessity. MFA requires a secondary form of verification, such as a code from a mobile app or a biometric scan, making it exponentially harder for unauthorized individuals to gain access. This means that even if a password is compromised, the chances of a security breach are significantly minimized. For small and medium-sized businesses (SMBs), where every resource counts, MFA offers an efficient, cost-effective way to safeguard your most sensitive and critical access points.

Important Considerations

Implementing MFA for all users is a significant change and can greatly impact the user experience. It’s essential to prepare and educate your staff about this transition to ensure a smooth rollout:

Communicate in Advance: Inform your team about the upcoming implementation of MFA. Provide clear reasons why this change is necessary for enhancing security.

Training and Support: Offer training sessions and resources to help users set up and get comfortable with MFA.

Phased Rollout: Consider a phased approach to implementation, allowing users to adapt gradually to the new system.

If you have doubts or are concerned about making these changes on your own, we are more than happy to help.


To activate MFA for every user in your organization, we have a few options, but for simplicity sake, we’ll use the policy templates available from Microsoft. Please also reference the resources section below to help you communicate change effectively with your staff.

    Step 1: Go to the Microsoft Entra Admin Center

    On your computer, launch a new browser window (Edge, Chrome), and type in https://entra.microsoft.com/ and press enter.

    Note: You will require Microsoft 365 administrative credentials – be sure to have the username and password ready.

    Step 2: Access Conditional Access Policies

    Within the Microsoft Entra Admin Center:

    • Look for and select Protection on the left-hand menu
    • Under Protection select Conditional Access
    Step 3: Create a policy from template
    • Within the Conditional Access / Overview window, select Create a new policy from templates near the top of the screen
    • Within the new window, under Secure foundation find and select the policy template called Require multifactor authentication for all users
    • Then click Review + Create
    Step 4: Review policy configuration
    • Within the Create new policy from templates window, provide a policy name such as Require multifactor authentication for all users
    • We can leave the policy state as Report only while we work with our staff to ensure they are ready (e.g., training, awareness, Microsoft Authenticator deployed, etc.)
    • Under Assignments, the policy will default to including All users and excluding the Current user. The current user is excluded to prevent accidental lockout from your Microsoft 365 environment. However, and ideally, this excluded account is already included in our previous MFA configuration for administrators.
    • We can additionally exclude all the previous administrative roles that are configured in our MFA for Admins policy created previously. This ensures we do not have any conflicting or overlapping policies for MFA and conditional access applying to the same accounts.
    • We can leave the defaults for Cloud apps or actions and Grant as they are.
    • Once you are satisfied with the selections, click Create.
    Step 5: Enable the policy
    • Once you are confident that all staff are ready for multifactor to be enabled, revisit the policy in the Entra Admin Center, under Protection – Conditional Access.
    • Select the appropriate policy, and scroll down until you see Enable policy
    • Adjust the policy from Report-only to On
    • Select Save

    Additional Resources

    These resources are valuable for both administrators and end-users.

      Microsoft Authenticator Guide

      Microsoft’s guide walks end users through the Microsoft Authenticator configuration process on their phones. We recommend you provide this information to staff before enabling MFA in your Microsoft 365 tenant.

      Deep Dive on Conditional Access

      Conditional Access templates provide a convenient method to deploy new policies aligned with Microsoft recommendations. These templates are designed to provide maximum protection aligned with commonly used policies.

      Emergency Access Accounts

      Prevent being accidentally locked out of your Microsoft 365 organization. You can mitigate the impact of accidental lack of administrative access by creating two or more emergency access accounts in your organization.

      End User Demonstration

      A quick video demonstrating the end-user experience for first-time registration with Microsoft Authenticator.

        While you’re here…

          Navigating Technology Investments for SMBs

          Navigating Technology Investments for SMBs

          SMBs often find themselves caught between having too little technology, leading to reliance on manual processes, or too much, resulting in costly overlaps and inefficiencies. Navigating this complex environment requires a strategic approach to technology investments. Whether looking to optimize your current technology or plan for future investments, this guide offers practical insights and strategies for SMBs.

          read more
          Why Switch Your Managed Services Provider?

          Why Switch Your Managed Services Provider?

          Are you confident your current MSP is equipped to handle tomorrow’s challenges? Many businesses hesitate to switch MSPs due to fears of disruption and data security risks. At Third Octet, we ensure a smooth transition that enhances your operational success. Our proactive approach can transform your IT infrastructure, making your business more secure and efficient. Discover how partnering with Third Octet can drive your business forward.

          read more
          Enhancing Cybersecurity Effectiveness through Employee Education: Introducing Our New Training Platform

          Enhancing Cybersecurity Effectiveness through Employee Education: Introducing Our New Training Platform

          Threats loom larger with each passing day. Securing your organization’s assets has never been more critical. Our cybersecurity training platform stands ready to arm your workforce with the necessary knowledge and tactics—not just to respond to threats but to anticipate and neutralize them. Delivered through our comprehensive Workplace Suite, this platform offers an engaging, multifaceted educational experience that’s more than a set of tools; it’s a transformative process designed to strengthen the most crucial element of your security infrastructure: your people.

          read more