#FAQFriday: How to Enable Multifactor Authentication for Office 365 Global Admins

Multifactor Authentication aka MFA is a hot topic these days with Microsoft Office 365, Azure, and Microsoft Secure Score. Frequently, we are asked for security engineering, implementations, or advice for how to enable MFA for Global Admins. It is often a top priority listed for many Office 365 Secure Score reports, with values up to 50 points.

MFA helps to keep cloud accounts more secure by requiring an additional level of authentication, making sure that the account that is logged in is:
     *  An actual person, and not a robot, script, or malicious code; and
     *  The same person must respond via an automated call, text, email, or apply authentication via smartcard, biometric device or code.

How can I enable MFA for Office 365 Global Admins?

Summary Steps:
To enable MFA for a Global Admin or group of Global Admins, in the Office 365 Admin console, click on Users | Active Users | More (top menu) | Multifactor Authentication Setup | (wait for the MFA window to pop-up) | Click to Enable the user(s) | Click on Enable Multi-Factor Authentication.

Steps Break-down:

  1. Log into Office 365 as a Global Admin.                                                                                                                       
  2. In the Admin Console, click on Users | Active Users.  
     3.    Click on the More tab. Then click Multifactor Authentication setup.
     4.   The Multifactor Authentication window will appear.

     5.    In the VIEW pull-down, choose Global Administrators. 
     6.   Highlight the accounts that you’d like to add Multifactor Authentication to (notice on the right column is the MFA Status). Option: You can also click the checkmark on the top (left next to Display Name) to choose all the Global Admins for MFA enablement.
     7.   Once highlighted, click on Enable. The "About Enabling Multi-Factor Auth" box will pop-up.      
     8.   Click the Enable Multi-factor Auth option.                                                                            
      9.   Then, if successful, you will see the "Updates Successful" window, and you can verify the      MFA enabled accounts in the View. The MFA status column is on the right.

     10.   Allow a few minutes to replicate. Then click on CLOSE and test with the desired account.

     11.  Good Luck!  
Note: This can be activated for any users as well. To enable MFA for non administrative accounts, repeat steps 1 through 4, and select "Sign-in allowed users" under View. Then select the user(s) you wish to enable for MFA.