Skip to main content

Security is essential for every organization, so you should configure Multi-Factor Authentication (MFA) for every user in the Microsoft 365 tenant. Not only that but there are also other MFA options you need to enable to improve MFA security. In this article, you will learn how to configure per-user MFA in Microsoft 365.

Per-user MFA vs. Azure AD MFA

Per-user MFA and Azure AD MFA are excellent for securing the user’s login. It’s recommended to configure Azure AD Multi-Factor Authenticatio instead of per-user MFA (this article).

Note: Only configure one of the below MFA methods, and don’t configure both simultaneously. Doing this will give the users sign-in issues.

Per-user MFA

With per-user MFA, you don’t have a lot of options to configure, and you can only enforce, enable, and disable MFA for the users. The good thing is that it’s free.

Azure AD MFA

It requires you to have Azure AD Premium plan 1 or 2. With Azure AD MFA, you will create a Conditional Access policy and have many options to configure MFA for the users, which is excellent. Also, Microsoft adds more and more features to these CA policies.

Move from per-user MFA to Azure AD MFA

Suppose you already have configured per-user MFA and have an Azure AD Premium plan 1 or 2 but have not yet moved to Azure AD MFA. See the article Move from per-user MFA to Conditional Access MFA.

Configure Microsoft 365 per-user MFA

To configure per-user MFA in Microsoft 365, follow these steps:

Step 1. Sign in to Microsoft 365 admin center.

Step 2. Navigate to Users > Active users > Multi-factor authentication.

Configure per-user MFA in Microsoft 365 admin center

Step 3. Click on service settings at the top.

Configure per-user MFA in Microsoft 365 service settings

Step 4. Go to the section verification options and select the methods you want to make available to the users.

Configure per-user MFA in Microsoft 365 verification options

Step 5. Click on users at the top. Select the checkbox to select all the users on the page and click Enable.

Note: Suppose you have more than one page and must go through all the pages. It’s faster to Enable MFA Office 365 with PowerShell.

Important: Keep MFA for service accounts disabled or add the IPs to the MFA service settings page to skip multi-factor authentication.

Configure per-user MFA in Microsoft 365 enable

Step 6. Click on enable multi-factor auth.

Configure per-user MFA in Microsoft 365 enable multi-factor auth

Step 7. Click close.

Updates succesful

Step 8. Select the checkbox to select all the users on the page and click Enforce.

Configure per-user MFA in Microsoft 365 enforce

Step 9. Click on enforce multi-factor auth.

Configure per-user MFA in Microsoft 365 enforce multi-factor auth

Step 10. Click close.

Updates succesful

Step 11. Multi-factor authentication status shows Enforced for all users.

Configure per-user MFA in Microsoft 365 Enforced status

That’s it! You did successfully configure per-user MFA in Microsoft 365 and made the organization safer by adding an additional layer of security. This prevents breaches that result from brute force attacks and compromised credentials.

From now on, the users need to configure MFA when they sign in. If they already did that, they will get a prompt to fill in the MFA request.

Leave a Reply