February 3, 2025
Multifactor authentication (MFA) is remarkably effective at blocking cyberattacks. How effective? Well, it’s often difficult to get stats on things that didn’t happen, so here’s what did: According to Microsoft’s data, over 99.9% of compromised accounts weren’t using MFA.
That’s why it’s typically required in order to qualify for cybersecurity insurance, and many businesses are starting to grow wary of working with other businesses that don’t use it. Fortunately, Microsoft has made it relatively easy for businesses to enable it for all users in Entra. In this blog, I’ll show you how.
What Is Microsoft Entra?
Microsoft product names evolve along with their capabilities. So basically, Microsoft Entra ID is a new version of Azure Active Directory that provides user authentication and authorization for Microsoft services.
Essentially, it can help you implement MFA to make sure that only authorized users can access your sensitive information — even if their login credentials have been compromised.
How To Enable MFA for Users in Microsoft Entra
Here’s your step-by-step guide. Keep in mind that as Microsoft continues to update its tools, your steps may vary slightly.
- Log In to Entra ID
- Select Security
- In your Entra ID admin center, click Security in the menu on the left
- Select MFA, then Manage, and then click Multi-Factor Authentication
- Select the users you’d like to include (I’d recommend including all)
- Click Enable
How To Customize and Configure Your Microsoft MFA Setup
Microsoft Entra ID will allow you to offer some flexibility to your users on which MFA methods work best for them. Some methods of MFA are more secure than others, however. And considering the recent news regarding the Chinese telecom hack, you might want to get pickier about phone and SMS options for your most sensitive accounts.
- Log in to Entra ID
- In your portal, click on Identity
- Select Users and then Authentication Methods
Here, you can set up a default MFA method and select which methods are usable and not usable by your users.
Setting Up MFA on a Per-User Basis
We normally advise our clients not to use per-user MFA, as security is important for all users! However, there is a way to set up MFA for some users, but not all, and see who’s using it and who isn’t.
From the admin center, go to Identity, Users, and choose All Users. Then click Per-User MFA, where you’ll see a complete list of user accounts and their MFA status to the right.
Setting Up Conditional Access
You can also control when and how MFA will be required based on things like user location, app, and more.
From the admin center, click on Protection and Conditional Access and then select +New Policy to see your options.
Which Methods Can Be Used To Implement Multifactor Authentication?
You can verify your identity by using something you know (like a PIN), something you own (like a device), or something you are.
Here’s how that translates into MFA methods:
- Text (SMS messaging), which sends a one-time passcode to a verified user’s device
- Email authentication, which sends a link or passcode to a verified email address
- App-based authentication, which uses an app to generate passcodes
- Biometric authentication, using fingerprint or facial recognition technology
Email authentication is considered less secure than text-based authentication (although that could change due to the telecom hack); app-based or biometric authentication is considerably more secure.
Additional Tools To Evaluate Your Organization’s Cybersecurity Posture
We do have a new service that focuses on securing your Microsoft environment. It’s a good fit for organizations that may not need fully managed IT, but need to upgrade their managed detection and response (MDR) capabilities for Microsoft 365 cloud services, add backup and recovery options for M365 apps, and receive help desk support and simplified license management.
Our cybersecurity experts at Marco have also created an interactive checklist so it’s easy to see exactly where you’re at and which updates are needed to bring you up to speed. Click the link below to get started!
