Managing security across your Microsoft 365 user accounts can be a daunting, and time-consuming, task. However, with the right knowledge and approach, managing MFA strengths in Microsoft 365 can be a straightforward and secure process.
By taking the time to learn about the various authentication methods and their respective strengths and weaknesses, your organization can ensure their Microsoft 365 environment is secure and compliant with industry standards.
What is multi-factor authentication?
Multi-factor authentication (MFA) requires users to present two or more types of evidence, such as a one-time code sent via text message, an email confirmation, or a biometric scan like a fingerprint or facial recognition. The combination of factors makes it much harder for cybercriminals to gain access to an account, as they would need to know both the username and password, and have access to the user’s device.
Why you should implement advanced MFA settings
Microsoft claims that MFA can help prevent 99.9% of account attacks; advanced MFA settings will strengthen your security posture even more. It is an effective way to protect data from unauthorized access by preventing malicious actors from gaining access to Microsoft 365 accounts, even if they have a user’s password.
If a malicious actor gains a user’s password, they will still need to provide additional evidence in order to access the account. This reduces the risk of data breaches and ensures that only authorized users can access your Microsoft 365 applications and data.
How to set up MFA in Microsoft 365
Microsoft 365 allows users to access MFA through verification codes, phone calls, or through the Microsoft Authenticator app. Admins can use any of three options to set up MFA in Microsoft 365: security defaults, conditional access, and legacy per user. Each will be fully explained in the next section.
By turning on Microsoft 365’s security defaults, you will enable pre-configured security settings provided by Microsoft to help protect your business from identity-related attacks. This will include automatically enabling MFA for all user accounts, including admins.
Turn on security defaults by:
This option will allow you to create your own specific policies with the security requirements that your business needs, e.g. evaluating user sign-ins to determine if they will be granted access. MFA requirements can also be assigned based on group memberships, rather than configuring the settings for individual users.
Enable MFA with conditional access by:
To apply to the new policy, navigate over to Cloud Apps or Actions from the previous Users and Groups page.
Legacy per user MFA
Setting up MFA via legacy per user is the most time-consuming option, as you will have to configure each individual user account settings.
Configure the user’s settings by:
- Logging into the Azure portal with Global Admin Credentials.
- Navigating to Azure Active Directory > Users > All Users.
- Selecting Multi-Factor Authentication.
Each of your users will be in one of three states regarding MFA: disabled, enabled, and enforced. Microsoft recommends waiting for your users to register before changing the statuses.
- Find the user you want to enable MFA for, and check the box beside their name.
- Under Quick Steps, choose enable or disable, and confirm your choice in the pop-up window.
Configuring MFA strengths
Once you have set up multi-factor authentication, you can manage the strengths. Microsoft allows up to 15 custom MFA strength creations, so ensure you have planned out your groups and strength customizations.
Create custom MFA strength by:
Customize your Microsoft security with expert assistance
Managing MFA strengths in Microsoft 365 can be a daunting task. It requires knowledge of the various authentication methods, their respective strengths and weaknesses, and an understanding of the different levels of security they provide.
As a certified Microsoft Partner, Technology Solutions can advise you on the best MFA strength settings for your business needs, and manage your entire M365 environment for maximum security and performance. Talk to them today and find out more.