Author | Jef Meijvis
Publish date | 25/10/2023
Title | Enabling 2FA for your Microsoft tenant!
Id | 20
Source | 020-enabling-2FA.md
Render timestamp | Dec 06, 2023, 06:08:31 AM (GMT+1)
Views | 35
Tags | Security
Multi-factor authentication, or 2-factor authentication in this case, requires users to provide more than a single form of verification to access their accounts. In addition to entering a matching email and password combination, users must also prove possession of a device (such as a mobile phone) or present a biometric factor to gain entry into their environment. Common second factors are an SMS text message, a mobile phone authenticator app, a fingerprint scan, or a face scan using Windows Hello.
Image: Microsoft Multi Factor Authentication (MFA)
Adding an additional authentication factor is an important first step in creating a safe and secure working place. Below is a quick overview on how to enable MFA for your Microsoft 365 environment.
Login to the Azure Portal via portal.azure.com. We will be making changes to the security settings of our Microsoft tenant through the portal.
When logged in to the Azure Portal, search for the 'Microsoft Entra ID' service.
Entra ID is the new name of Azure Active Directory. When found, click on the service to open up its dedicated page.
Image: Search for Entra ID
On the left hand side there will be a blade menu, where we will select the 'Properties' menu item.
Image: Entra ID Properties
At the bottom of the Properties page select 'Manage security defaults', and turn on the toggle button. This enables a fixed set of best-practice security defaults for the whole tenant; they are either on or off, and cannot be scoped to particular users, groups or applications.
Image: Enable security defaults
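The portal toggle above changes a single tenant policy, the identitySecurityDefaultsEnforcementPolicy, which can also be read and set through Microsoft Graph. The script below is an added example and not part of the original post: it uses the Microsoft.Graph PowerShell SDK to check the current state, refuse to proceed if the tenant already uses Conditional Access policies (security defaults and Conditional Access are mutually exclusive, so the portal toggle is unavailable in that case), enable security defaults, and re-read the policy to confirm the change. It assumes the signed-in account holds a role allowed to change this policy, such as Global Administrator or Security Administrator, and that the Microsoft.Graph module is installed.

```powershell
# Added example (not from the original post): enable Entra ID security defaults
# through Microsoft Graph instead of the portal toggle, and verify the result.
# Prerequisite: Install-Module Microsoft.Graph -Scope CurrentUser
# The signed-in account needs a role such as Global Administrator or Security Administrator.

# Delegated Graph permissions: one to list Conditional Access policies,
# one to change the security defaults enforcement policy.
Connect-MgGraph -Scopes "Policy.Read.All", "Policy.ReadWrite.ConditionalAccess"

# 1. Read the current state of the security defaults enforcement policy.
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
Write-Host "Security defaults currently enabled: $($policy.IsEnabled)"

# 2. Security defaults cannot be used alongside Conditional Access policies.
#    If the tenant already has any, stop here and let the admin decide which
#    of the two models to keep (Conditional Access needs an Entra ID P1 license).
$caPolicies = @(Get-MgIdentityConditionalAccessPolicy)
if ($caPolicies.Count -gt 0) {
    Write-Warning "Tenant has $($caPolicies.Count) Conditional Access policies; security defaults cannot be enabled while they are in use."
    $caPolicies | Select-Object DisplayName, State | Format-Table
    Disconnect-MgGraph
    return
}

# 3. Enable security defaults. This is the same change the portal toggle makes.
if (-not $policy.IsEnabled) {
    Update-MgPolicyIdentitySecurityDefaultEnforcementPolicy -IsEnabled:$true
}

# 4. Re-read the policy to confirm the change actually took effect.
$policy = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($policy.IsEnabled) {
    Write-Host "Security defaults are now enabled for the tenant."
} else {
    Write-Error "Security defaults are still disabled; check the account's role and the granted Graph permissions."
}

Disconnect-MgGraph
```

Re-reading the policy after the update matters more than it looks: a failed permission grant or a consent prompt that was dismissed leaves the tenant exactly where it was, and nothing else in the flow will tell you. The same Get call is also a cheap check to schedule later, so that someone quietly switching the toggle off is noticed.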
As of 2023, these security defaults cover 5 topics that are relevant for most situations:
1. MFA registration for all users. All users are given a 14-day window to register through the Microsoft Authenticator app or any app supporting OATH TOTP. Once the 14-day period elapses, users will be unable to sign in until the registration process is finalized. The 14-day countdown for a user begins after their first successful interactive sign-in following the activation of security defaults.
2. MFA for administrators. Administrators have increased access to your environment. Because of the power these highly privileged accounts have, you should treat them with special care. One common method to improve the protection of privileged accounts is to require a stronger form of account verification for sign-in, such as multifactor authentication.
3. MFA for all users when necessary. We tend to think that administrator accounts are the only accounts that need extra layers of authentication. Administrators have broad access to sensitive information and can make changes to subscription-wide settings, but attackers frequently target end users as well. Security defaults therefore also challenge ordinary users for MFA when a sign-in warrants it, for example from a new device or application.
4. Blocking legacy authentication. To give users easy access to cloud apps, Microsoft supports various authentication protocols, including legacy authentication. Legacy authentication clients cannot perform MFA, so an attacker holding only a stolen password could sign in through them; security defaults block these requests. Legacy authentication is a term that refers to an authentication request made by:
5. MFA for privileged activities. After you enable security defaults in your tenant, any user accessing the following services must complete multifactor authentication:
Microsoft made it really easy to enable sensible defaults that offer a solid baseline protection for your Microsoft environment and all of its users. All we had to do was toggle a switch to enable these defaults for the entire organization. Keep in mind that security defaults are all-or-nothing and cannot be combined with Conditional Access policies; organizations that need per-app, per-group or location-based rules move to Conditional Access (which requires an Entra ID P1 license) instead.