Enable Multi-Factor Authentication (MFA) for your Organization

This article describes how to set up multi-factor authentication (MFA) for Office 365 users. You get a free version of Azure multi-factor authentication as part of your Office 365 for business subscription.

Note: You must be an Office 365 global admin to set up or modify multi-factor authentication.

If you have previously set up MFA with baseline policies, you must turn them off and turn on security defaults (recommended). However, if you have Microsoft 365 Business or your subscription includes Azure Active Directory Premium 1, or Azure Active Directory Premium 2, you can also set up conditional access policies. To use conditional access policies, you need to make sure modern authentication is enabled.

Manage security defaults

  1. Sign in to admin center with your Global admin credentials.

  2. Go to Azure Active Directory Properties.

  3. At the bottom of the page, choose Manage Security defaults.

  4. Choose Yes to enable security defaults and No to disable security defaults.

Move from baseline policies to security defaults

  1. In the admin center, select Setup.

  2. Next to Sign-in and security, under Make sign-in more secure, select View.

  3. Under Make sign-in more secure, select Manage.

  4. On the Azure portal Conditional Access - Policies page, choose each Baseline policy that is On, and set them to Off.

  5. Go to Azure Active Directory Properties page.

  6. On the bottom of the page, choose Manage Security defaults, and in the Enable Security defaults pane, set Enable Security defaults toggle to Yes.

Enable Modern authentication for your organization

All Office 2016 client applications support MFA through the use of the Active Directory Authentication Library (ADAL). This means that app passwords aren't required for Office 2016 clients. However, you need to make sure your Office 365 subscription is enabled for ADAL, or modern authentication.

  1. To enable modern authentication, from the admin center, select Settings > Settings and then in the Services tab, choose Modern authentication from the list.

  2. Check the Enable modern authentication box in the Modern authentication panel.

    Modern authentication panel with enable checkbox checked.

Enable multi-factor authentication for your organization

  1. In the admin center, select Users and Active Users.

  2. In the Active Users section, Click on multi-factor authentication.

  3. On the Multi-factor authentication page, select user if you are enabling this for one user Or you can perform a Bulk Update.

  4. Click on Enable under Quick Steps.

  5. In the Pop-up window, click on Enable Multi-Factor Authentication.

After you set up multi-factor authentication for your organization, your users will be required to set up two-step verification on their devices.


Source: https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide