Conditional Access Policy - Require MFA for All Users
This conditional access policy will enforce MFA for all users when accessing Office 365 apps.
Create a new Conditional Access policy
Requiring MFA for all users is a good baseline security policy to have enabled. This conditional access policy requires all users to use multi-factor authentication (MFA) when logging into Office 365 apps. When enabled, it applies to all users, including guests and admins.
Microsoft Azure Portal
https://portal.azure.com
Azure Active Directory - Security
Conditional Access
New policy
Define the Conditional Access policy settings
First we need to specify the policy settings for users - who will the policy be applied to? And who will be excluded from the policy?
Name: Require MFA for All Users
Include: All users
Exclude: select one admin account
In this section we will define which cloud apps will be included or excluded from the policy
Cloud apps: All cloud apps
Next we specify the policy conditions for client apps
Conditions - Client apps
Configure: Yes
Modern authentication clients - select all
And last of all we define what controls are required to grant access
Access controls - grant access
Require multi-factor authentication
Because the policy applies to all users, make sure it's enabled in report-only mode for testing.
Monitor sign-ins and then enable the policy
Enable the policy in report-only mode so you can monitor the Azure AD sign-in logs and confirm that the policy is working as expected.
Once you're happy that the policy is working OK, you can enable it.
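A sketch of the monitoring step, added here and not part of the original page: it reads sign-in records exported as JSON and reports what the report-only policy would have done to each one. The field names and `reportOnly*` result values follow the Microsoft Graph sign-in schema; the sample records, user names and helper names are constructed for illustration.

```python
from collections import Counter

POLICY_NAME = "Require MFA for All Users"  # policy name used on this page

def _rec(user, client_app, result):
    # Build one constructed record with only the signIn fields read below.
    return {"userPrincipalName": user, "clientAppUsed": client_app,
            "appliedConditionalAccessPolicies": [
                {"displayName": POLICY_NAME, "result": result}]}

# Constructed sample data; user names and tenant are made up.
SAMPLE_SIGN_INS = [
    _rec("alice@contoso.example", "Browser", "reportOnlySuccess"),
    _rec("bob@contoso.example", "Mobile Apps and Desktop clients", "reportOnlyInterrupted"),
    _rec("bob@contoso.example", "Browser", "reportOnlyInterrupted"),
    _rec("carol@contoso.example", "IMAP4", "reportOnlyNotApplied"),
    _rec("admin@contoso.example", "Browser", "reportOnlyNotApplied"),
]

def summarize_report_only(sign_ins, policy_name=POLICY_NAME):
    """Summarise what the report-only policy would have done per sign-in."""
    results = Counter()
    would_prompt, would_fail = set(), set()
    not_applied = Counter()  # (user, client app) pairs the policy skipped
    for record in sign_ins:
        user = record.get("userPrincipalName", "<unknown>")
        for policy in record.get("appliedConditionalAccessPolicies") or []:
            if policy.get("displayName") != policy_name:
                continue
            result = policy.get("result", "unknown")
            results[result] += 1
            if result == "reportOnlyInterrupted":   # MFA prompt would appear
                would_prompt.add(user)
            elif result == "reportOnlyFailure":     # controls not satisfied
                would_fail.add(user)
            elif result == "reportOnlyNotApplied":  # excluded user or client app
                not_applied[(user, record.get("clientAppUsed", "<unknown>"))] += 1
    return {"results": dict(results), "would_prompt": sorted(would_prompt),
            "would_fail": sorted(would_fail), "not_applied": dict(not_applied)}

if __name__ == "__main__":
    summary = summarize_report_only(SAMPLE_SIGN_INS)
    print("Result counts:", summary["results"])
    print("Would be prompted for MFA:", summary["would_prompt"])
    print("Would fail the policy:", summary["would_fail"])
    for (user, client_app), count in summary["not_applied"].items():
        print(f"Not covered: {user} via {client_app} ({count} sign-in(s))")
```

The not-applied entries are worth reviewing before enabling the policy: in this constructed sample they are the excluded admin account and a sign-in from a client that is not a modern authentication client.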