Challenge #13
Implement MFA for All Users
Elevate your organization’s security by enforcing Multi-Factor Authentication (MFA) for all users, adding a critical layer of protection against unauthorized access.
Why?
Administrative accounts in any organization are akin to holding the keys to the castle. They possess elevated access and control, making them prime targets for cyber attacks. Simply having a strong password is no longer sufficient for these high-stakes accounts. That’s where Multi-Factor Authentication (MFA) comes into play.
Implementing MFA for administrative roles is more than an added security layer; it’s a fundamental necessity. MFA requires a secondary form of verification, such as a code from a mobile app or a biometric scan, making it far harder for unauthorized individuals to gain access. This means that even if a password is compromised, the chances of a security breach are significantly reduced. For small and medium-sized businesses (SMBs), where every resource counts, MFA offers an efficient, cost-effective way to safeguard your most sensitive and critical access points.
Important Considerations
Implementing MFA for all users is a significant change and can greatly impact the user experience. It’s essential to prepare and educate your staff about this transition to ensure a smooth rollout:
- Communicate in Advance: Inform your team about the upcoming implementation of MFA. Provide clear reasons why this change is necessary for enhancing security.
- Training and Support: Offer training sessions and resources to help users set up and get comfortable with MFA.
- Phased Rollout: Consider a phased approach to implementation, allowing users to adapt gradually to the new system.
If you have doubts or are concerned about making these changes on your own, we are more than happy to help.
How?
There are a few ways to activate MFA for every user in your organization; for simplicity’s sake, we’ll use the policy templates available from Microsoft. Please also reference the resources section below to help you communicate the change effectively to your staff.
Step 1: Go to the Microsoft Entra Admin Center
On your computer, open a new browser window (Edge, Chrome), enter https://entra.microsoft.com/ in the address bar, and press Enter.
Note: You will require Microsoft 365 administrative credentials – be sure to have the username and password ready.
Step 2: Access Conditional Access Policies
Within the Microsoft Entra Admin Center:
- Look for and select Protection on the left-hand menu
- Under Protection select Conditional Access
Step 3: Create a policy from template
- Within the Conditional Access / Overview window, select Create a new policy from templates near the top of the screen
- Within the new window, under Secure foundation find and select the policy template called Require multifactor authentication for all users
- Then click Review + Create
Step 4: Review policy configuration
- Within the Create new policy from templates window, provide a policy name such as Require multifactor authentication for all users
- We can leave the policy state as Report-only while we work with our staff to ensure they are ready (e.g., training, awareness, Microsoft Authenticator deployed, etc.)
- Under Assignments, the policy will default to including All users and excluding the Current user. The current user is excluded to prevent accidental lockout from your Microsoft 365 environment. Ideally, this excluded account is already covered by the MFA configuration for administrators set up previously.
- We can additionally exclude all the administrative roles that are configured in the MFA for Admins policy created previously. This ensures that no conflicting or overlapping MFA and Conditional Access policies apply to the same accounts.
- We can leave the defaults for Cloud apps or actions and Grant as they are.
- Once you are satisfied with the selections, click Create.
Step 5: Enable the policy
- Once you are confident that all staff are ready for multifactor authentication to be enabled, revisit the policy in the Entra Admin Center, under Protection – Conditional Access.
- Select the appropriate policy, and scroll down until you see Enable policy
- Adjust the policy from Report-only to On
- Select Save
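The Step 4 review points can be re-checked before switching the policy to On in Step 5. The script below is an added example, not part of the original guide or Microsoft's tooling: it reviews a JSON export of the two policies for the lockout exclusion and for admin roles covered by both policies. Field names follow the Microsoft Graph conditionalAccessPolicy resource; the sample export and all IDs are constructed placeholders, and it assumes the MFA for Admins policy targets roles through includeRoles.

```python
import json

# Constructed sample export of both policies; every ID is a placeholder.
POLICIES_JSON = """[
 {"displayName": "MFA for Admins", "state": "enabled",
  "conditions": {"users": {"includeRoles": ["role-id-a", "role-id-b"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
 {"displayName": "Require multifactor authentication for all users",
  "state": "enabledForReportingButNotEnforced",
  "conditions": {"users": {"includeUsers": ["All"],
                           "excludeUsers": ["user-id-current-admin"],
                           "excludeRoles": ["role-id-a"]}},
  "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]"""

REPORT_ONLY = "enabledForReportingButNotEnforced"


def by_name(policies, name):
    """Pick one policy out of the export by its display name."""
    return next(p for p in policies if p["displayName"] == name)


def review(all_users, admins):
    """Return Step 4 findings for the all-users policy (empty list = clean)."""
    findings = []
    users = all_users["conditions"]["users"]
    grant = all_users.get("grantControls") or {}
    if "All" not in users.get("includeUsers", []):
        findings.append("policy does not include All users")
    if "mfa" not in grant.get("builtInControls", []):
        findings.append("grant control does not require MFA")
    if not (users.get("excludeUsers") or users.get("excludeGroups")):
        findings.append("no excluded account: lockout risk")
    # Roles already handled by the admin policy should be excluded here.
    admin_roles = set(admins["conditions"]["users"].get("includeRoles", []))
    for role in sorted(admin_roles - set(users.get("excludeRoles", []))):
        findings.append(f"role {role} is covered by both policies")
    return findings


def ready_to_enable(all_users, admins):
    """Step 5 gate: still in report-only and nothing left to fix."""
    return all_users["state"] == REPORT_ONLY and not review(all_users, admins)


if __name__ == "__main__":
    policies = json.loads(POLICIES_JSON)
    admins = by_name(policies, "MFA for Admins")
    everyone = by_name(policies, "Require multifactor authentication for all users")
    for finding in review(everyone, admins):
        print("FINDING:", finding)
    print("ready to enable:", ready_to_enable(everyone, admins))
```

With the constructed sample, the review reports one admin role that is still covered by both policies, so the policy is not yet ready to enable.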
Additional Resources
These resources are valuable for both administrators and end-users.
Microsoft Authenticator Guide
Microsoft’s guide walks end users through the Microsoft Authenticator configuration process on their phones. We recommend you provide this information to staff before enabling MFA in your Microsoft 365 tenant.
Deep Dive on Conditional Access
Conditional Access templates provide a convenient method to deploy new policies aligned with Microsoft recommendations. These templates are designed to provide maximum protection aligned with commonly used policies.
Emergency Access Accounts
Prevent being accidentally locked out of your Microsoft 365 organization. You can mitigate the impact of accidental lack of administrative access by creating two or more emergency access accounts in your organization.
End User Demonstration
A quick video demonstrating the end-user experience for first-time registration with Microsoft Authenticator.