Menu 

How to Set Up and Configure Multi-Factor Authentication in the Office 365 Admin Center – Rebuild

How to Set Up and Configure Multi-Factor Authentication in the Office 365 Admin Center – Rebuild

By Zach Gafford– Systems Engineer– Intrinium

How to Set Up and Configure Multi-Factor Authentication in the Office 365 Admin Center

We recommend activating and configuring your multi-factor authentication to ensure you are optimizing your cybersecurity for your Office 365 platform. Before beginning, it is important to identify who your Office 365 Global Administrators are, these users will only have the permissions to proceed with the following steps.

  1. You must be an Office 365 global admin to do these steps.
  2. Go to the 
  3. Go to Users > Active users.
  4. Choose More > Setup Azure multi-factor auth. If you don’t see the More option, then you aren’t a global admin for your subscription.
  5. Find the people for whom you want to enable MFA. In order to see everyone, you might need to change the Multi-Factor Auth status view at the top.The views have the following values, based on the MFA state of the users:
    • Any Displays all users. This is the default state.
    • Enabled The person has been enrolled in MFA, but has not completed the registration process. They will be prompted to complete the process the next time they sign in.
    • Enforced The person may or may not have completed registration. If they have completed the registration process, then they are using MFA. Otherwise, they will be prompted to complete the process the next time they sign in.
  6. Select the check box next to the people for whom you want to enable MFA.
  7. On the right, under quick steps, you’ll see Enable and Manage user settings. Chose Enable.
  8. In the dialog box that opens, choose enable multi-factor auth.

Configure Multi-Factor Authentication

  1. Sign into Office 365 with your work account with your password like you normally do. After you choose Sign in, you’ll see this page:
  2. Choose Next
  3. Choose Mobile App as your authentication method and then click Setup.
  4. Download the Mobile App for your device and follow the on-screen instructions.
  5. After you verify your alternative contact method, choose Next.
  6. You’ll get an app password that you can use with Outlook, Apple Mail, etc. Choose the copy icon to copy the password to your clipboard. You won’t need to memorize this password.
  7. Once you complete the instructions to configure the Mobile App, the next time you sign into the Office 365, you’ll be prompted on your mobile device to sign-in.


Allow MFA users to create App passwords for Office client Apps

MFA is enabled per user. This means that if a user has MFA-enabled, they won’t be able to use a non-browser client, such as Outlook 2013 with Office 365, until they create an app password. An app password is a password that is created within the Azure portal and that allows the user to bypass MFA and continue to use their application.

All Office 2016 client applications support MFA through the use of the Active Directory Authentication Library (ADAL). This means that app passwords aren’t required for Office 2016 clients. However, if you find that this is not the case, make sure your Office 365 subscription is enabled for ADAL. Connect to Exchange Online PowerShell and run the following command:Get-OrganizationConfig
| Format-Table name, *OAuth*

If you need to enable ADAL, run the following command:Set-OrganizationConfig
-OAuth2ClientProfileEnabled:$true

  1. You must be an Office 365 global admin to do these steps.
  2. Go to the 
  3. Go to Users > Active users.
  4. Choose More > Setup Azure multi-factor auth. If you don’t see the More option, then you aren’t a global admin for your subscription.
  5. On the multi-factor authentication page, choose service settings.
  6. Under app passwords, choose Allow users to create app passwords to sign into non-browser apps.
  7. People can then use client Office apps after they create a new password.
  8. Choose Save, then choose Close.
  9. Manage MFA user settings
    You must be an Office 365 global admin to do these steps.
  10. On the multi-factor authentication page, select the check box next to the people you want to manage.
  11. On the right, under quick steps, choose Manage user settings.
  12. In the Manage user settings dialog box, select one or more of the following options:
    • Require selected users to provide contact methods again
    • Delete all existing app passwords generated by the selected users
    • Restore multi-factor authentication on all remembered devices
  13. Choose Save, then choose Close.

Bulk update users in MFA

You can bulk update the status for existing people by using a CSV file. The CSV file is used only for enabling or disabling MFA, based on the user names present in the file. It is not used to create new users.

  1. You must be an Office 365 global admin to do these steps.
  2. On the multi-factor authentication page, choose bulk update.
  3. In the Select a CSV file dialog box, choose Browse for file.
  4. Browse for the file that contains the updates, then choose Open. The column headings in your file must match the column headings in the following example:
  5. Choose the Next arrow.
  6. After the file is verified, choose the Next arrow to update the accounts.
  7. When the process is finished, choose the Done checkmark.

 

 

Submit a Comment

Pin It on Pinterest

Share This