Microsoft 365 / Azure – Where to start with Security implementation for my Tenant – part 1 – Is MFA enabled?

Why Multi Factor Authentication

Hi All,

Greetings for the day!!!

We always talk about the SECURITY of our tenant, and rightly so, since it is one of the most critical aspects for an organization. I observed / realised that it is always a confusing point where to start implementing SECURITY for an organization: which features should we look into to make sure things are in place and the tenant is secured?

Microsoft suggests the following top 10 ways to secure our organization's business data:

fig : SECURITY = Top 10 ways to secure our organizations business data

As a first and simple step, I will go for MFA, one of the easiest options to secure my organization / company / tenant.

Take away from this article

  • Understand what MFA is
  • Why MFA
  • How to enable MFA for individual users from Microsoft 365 admin center
  • How to enable MFA for bulk users from Microsoft 365 admin center
  • Enabling MFA for individual users using PowerShell
  • Detailed references related to MFA

MFA

Multi Factor Authentication
fig : MFA poster from Microsoft
  • WHY MFA
    • Identity-related attacks like password spray, replay, and phishing are common in today’s environment
    • More than 99.9% of these identity-related attacks are stopped by using multifactor authentication (MFA) and blocking legacy authentication
    • Ensuring that all organizations have at least a basic level of security enabled at no extra cost
fig : Why Multi Factor Authentication

NOTE :

We can use either SECURITY DEFAULTS or CONDITIONAL ACCESS POLICIES to set up MFA. We cannot use both methods together.

Available verification methods

  • When we (users) sign in to an application or service and receive an MFA prompt, we can choose from one of our registered forms of additional verification:
    • Smart phone – Microsoft Authenticator smart phone app – Microsoft recommends this
    • Fingerprint, face or other biometric attribute
    • Windows Hello for Business
    • FIDO2 security key
    • OATH hardware token
    • SMS
    • Voice Calls

Microsoft provides a very good table (https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/multi-factor-authentication-microsoft-365?view=o365-worldwide) listing the plan, the recommendation and the type of customer:

| Plan | Recommendation | Type of customer |
| All Microsoft 365 plans | Use security defaults, which require MFA for all user accounts. You can also configure per-user MFA on individual user accounts, but this isn't recommended. | Small business |
| Microsoft 365 Business Premium; Microsoft 365 E3; Azure Active Directory (Azure AD) Premium P1 licenses | Use security defaults or Conditional Access policies to require MFA for user accounts based on group membership, apps, or other criteria. | Small business to enterprise |
| Microsoft 365 E5; Azure AD Premium P2 licenses | Use Azure AD Identity Protection to require MFA based on sign-in risk criteria. | Enterprise |
Table : Microsoft 365 plans for MFA
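
To answer the "is MFA enabled?" question against the two mechanisms named in the NOTE and the table above, the following PowerShell is an added example (not from the original article or from Microsoft) that classifies whether MFA is enforced through security defaults or Conditional Access. The function name `Get-MfaEnforcementState` and the sample policies are hypothetical; the property names follow the Microsoft Graph security defaults and Conditional Access policy resources.

```powershell
# Live data (Microsoft Graph PowerShell SDK, Policy.Read.All scope):
#   $defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
#   $policies = Get-MgIdentityConditionalAccessPolicy -All
# Constructed sample data below, shaped like the Graph JSON, keeps this runnable offline.
$defaults = '{ "isEnabled": false }' | ConvertFrom-Json
$policies = @'
[
  { "displayName": "Require MFA - all users", "state": "enabled",
    "conditions": { "users": { "includeUsers": ["All"] } },
    "grantControls": { "builtInControls": ["mfa"] } },
  { "displayName": "Require MFA - pilot group", "state": "enabledForReportingButNotEnforced",
    "conditions": { "users": { "includeUsers": [], "includeGroups": ["<group-object-id>"] } },
    "grantControls": { "builtInControls": ["mfa"] } },
  { "displayName": "Block legacy authentication", "state": "enabled",
    "conditions": { "users": { "includeUsers": ["All"] } },
    "grantControls": { "builtInControls": ["block"] } }
]
'@ | ConvertFrom-Json

function Get-MfaEnforcementState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $SecurityDefaults,
        [object[]] $ConditionalAccessPolicies = @()
    )
    # Only policies whose grant control demands MFA matter here.
    $mfa        = @($ConditionalAccessPolicies | Where-Object { $_.grantControls.builtInControls -contains 'mfa' })
    $enforced   = @($mfa | Where-Object { $_.state -eq 'enabled' })
    $reportOnly = @($mfa | Where-Object { $_.state -eq 'enabledForReportingButNotEnforced' })
    # 'All' in includeUsers means tenant-wide scope; exclusions are not evaluated in this example.
    $allUsers   = @($enforced | Where-Object { $_.conditions.users.includeUsers -contains 'All' })

    $mechanism = if ($SecurityDefaults.isEnabled -and $enforced.Count) { 'Inconsistent input: both appear enabled' }
    elseif ($SecurityDefaults.isEnabled) { 'Security defaults' }
    elseif ($allUsers.Count)             { 'Conditional Access (all users)' }
    elseif ($enforced.Count)             { 'Conditional Access (scoped, some users may be uncovered)' }
    else                                 { 'None: MFA is not enforced' }

    [pscustomobject]@{
        Mechanism          = $mechanism
        EnforcedPolicies   = $enforced.displayName -join '; '
        ReportOnlyPolicies = $reportOnly.displayName -join '; '   # logged only, no MFA prompt
    }
}

Get-MfaEnforcementState -SecurityDefaults $defaults -ConditionalAccessPolicies $policies | Format-List
```

A policy in report-only state shows up in sign-in logs but does not prompt users, so it is listed separately and does not count as enforcement.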

Feel free to discuss MFA with us, or get in touch if you want to implement MFA in your organization.

Prasham Sabadra

2 Responses

  1. Yogesh Meher says:

    Thanks for sharing valuable article
