Enable per-user Microsoft Entra multifactor authentication video tutorial: https://www.youtube.com/watch?v=kw28X0c5ZwE
Step 1: Enable Modern Authentication in Office 365
Step 2: Disabling Office 365 Basic Authentication
Step 3: Enable per-user Microsoft Entra multifactor authentication
Step 4: Users need to Set up your Microsoft 365 sign-in for multi-factor authentication
The modern authentication framework adds an extra layer of security for users logging in to their Microsoft 365 resources from client apps. In addition, this framework allows for the activation of multi-factor authentication (MFA). Without enabling Modern Authentication Outlook client app will not work with multifactor authentication.
Reference Link: https://www.nakivo.com/blog/enable-modern-authentication-office-365/
- Log in to the Microsoft 365 admin center.
- In the left navigation pane, expand Settings and then click Org settings.
- Under Services, choose Modern authentication.
- Select the Turn on modern authentication for Outlook 2013 for Windows and later (recommended) checkbox.
- Click Save.
Without disabling Basic Authentication Outlook client app will not work with multifactor authentication. After enabling modern authentication in Office 365, you can now disable the basic authentication protocols. However, you need to make sure that no users benefit from it. Follow these steps to check if anyone is using basic authentication:
- Open your Microsoft Azure account.
- Access the Azure Active Directory.
- Choose Sign-in logs in the left navigation pane.
- Change Date range to Last 7 days or more.
- Click Add filters.
- Select Client app then click Apply.
- Click on the newly created filter Client app.
- Tick all boxes under Legacy Authentication Clients
- Click Apply.
This list includes all sign-in events with their corresponding users and applications. Before you disable basic authentication, you can migrate all these applications to the modern authentication protocols so you would not lose them.
After completing step 1 and step 2, now we can enable multifactor authentication.
1. Sign in to the Microsoft Entra admin center as at least an Authentication Administrator.
2. Browse to Identity > Users > All users.
3. Select Per-user MFA.
4. Check the box next to the name(s) of the user(s) to change the state.
5. On the right-hand side, under quick steps, choose Enable
1. Sign in to Microsoft 365 with your work or school account with your password like you normally do. After you choose Sign in, you'll be prompted for more information.
2. Choose Next.
3. The default authentication method is to use the free Microsoft Authenticator app. If you have it installed on your mobile device, select Next and follow the prompts to add this account. If you don't have it installed there is a link provided to download it.
If you would rather use SMS messages sent to your phone instead, select I want to set up a different method. Microsoft 365 will ask for your mobile number, then send you an SMS message containing a 6-digit code to verify your device.
4. Once you complete the instructions to specify your additional verification method, the next time you sign in to Microsoft 365, you'll be prompted to provide the additional verification information or action, such as typing the verification code provided by your authenticator app or sent to you by text message.
