
Conditional Access Policy - Require MFA for All Users

This Conditional Access policy enforces MFA for all users when they access Office 365 apps.

Create a new Conditional Access policy

Requiring MFA for all users is a good baseline security policy to have enabled. This Conditional Access policy requires all users to use multi-factor authentication (MFA) when logging into Office 365 apps. When enabled, it applies to all users, including guests and admins.

Microsoft Azure Portal

Azure Active Directory - Security

Conditional Access

New policy

Define the Conditional Access policy settings

First we need to specify the policy settings for users - who will the policy be applied to? And who will be excluded from the policy?

Name: Require MFA for All Users
Include: All users

Exclude - select one admin account

In this section we define which cloud apps are included in or excluded from the policy.

Cloud apps: All cloud apps

Next we specify the policy conditions for client apps.

Conditions - Client apps

Configure: Yes
Modern authentication clients - select all

Last of all, we define which controls are required to grant access.

Access controls - grant access
Require multi-factor authentication

Monitor sign-ins and then enable the policy

Enable the policy in report-only mode so you can monitor the Azure AD sign-in logs and confirm that the policy is working as expected.
Once you're happy that the policy is working OK, you can enable it.
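To confirm that what was saved matches the settings above, the policy can be checked from an export instead of by eye in the portal. The following is an added example, not part of the original post: it assumes the policy is available in the Microsoft Graph conditionalAccessPolicy JSON shape, and `audit_policy`, the sample policy and the placeholder object ID are constructed for illustration.

```python
# Constructed sample (Microsoft Graph conditionalAccessPolicy shape; placeholder ID).
SAMPLE_POLICY = {
    "displayName": "Require MFA for All Users",
    "state": "enabledForReportingButNotEnforced",  # report-only mode
    "conditions": {
        "users": {"includeUsers": ["All"],
                  "excludeUsers": ["00000000-0000-0000-0000-000000000000"]},
        "applications": {"includeApplications": ["All"]},
        "clientAppTypes": ["browser", "mobileAppsAndDesktopClients"],
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
MODERN_AUTH_CLIENTS = {"browser", "mobileAppsAndDesktopClients"}


def audit_policy(policy):
    """Hypothetical helper: list deviations from the post's settings."""
    findings = []
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    if "All" not in (users.get("includeUsers") or []):
        findings.append("users: 'All users' is not included")
    excluded = users.get("excludeUsers") or []
    if len(excluded) != 1:
        findings.append(f"users: expected 1 excluded admin account, found {len(excluded)}")
    if users.get("excludeGroups") or users.get("excludeRoles"):
        findings.append("users: groups or roles are also excluded")
    if "All" not in (apps.get("includeApplications") or []):
        findings.append("cloud apps: 'All cloud apps' is not included")
    if apps.get("excludeApplications"):
        findings.append("cloud apps: some apps are excluded")
    clients = set(cond.get("clientAppTypes") or [])
    if "all" not in clients and not MODERN_AUTH_CLIENTS <= clients:
        findings.append("client apps: not every modern authentication client is selected")
    if "mfa" not in controls:
        findings.append("grant: MFA is not required")
    elif len(controls) > 1 and grant.get("operator") == "OR":
        findings.append("grant: another control can satisfy the policy instead of MFA")
    if policy.get("state") != "enabled":
        findings.append(f"state: not enforced ({policy.get('state')})")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```

While the policy is in report-only mode, the only finding for the sample is the state line; after it is switched on, the list should be empty.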

Saturday, 23 September 2023