Step | Details |
---|---|
1. Log into the Azure Portal | Go to the Azure Portal and log in using your administrator credentials. |
2. Navigate to Azure Active Directory | Once logged in, search for Azure Active Directory in the search bar, or select Azure Active Directory from the left-hand navigation menu. |
3. Open the Security Settings | In the Azure Active Directory page, scroll down to the Security section and click on Security. |
4. Enable Azure AD Multi-Factor Authentication | Under the Security section, select Conditional Access.<br>In Conditional Access, choose Named locations to set trusted IP addresses (optional), or go directly to Policies to create your MFA policy. |
5. Create a Conditional Access Policy for MFA | Click on + New policy to create a new conditional access policy.<br>Name the policy (e.g., "Enforce MFA for Admins").<br>Assignments:<br>Access controls: Under Grant, select Require multi-factor authentication.<br>Enable Policy: Ensure the policy is enabled, then click Create. |
6. Configure MFA Registration Requirements | In the Security section, go to Identity Protection and select MFA registration policy. Enforce Require MFA registration for administrators, ensuring that they are required to register for MFA the next time they sign in. |
7. Test the Policy | Log out and log in with one of the administrator accounts. You should now be prompted to set up MFA if it's your first time logging in after enforcement. |
8. Monitor and Troubleshoot | Use the Sign-in logs under Azure Active Directory > Monitoring to monitor MFA enforcement and troubleshoot any login issues related to MFA. |
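
One way to carry out the monitoring in step 8 offline is to review a JSON export of the sign-in logs for successful sign-ins where the policy did not actually enforce MFA. This is an added example, not part of the original guide; it assumes the export uses the Microsoft Graph `signIn` field names, and the helper names (`_rec`, `classify`, `review`) and all sample records are constructed for illustration.

```python
import json

POLICY_NAME = "Enforce MFA for Admins"  # example policy name from step 5

def _rec(upn, error_code, result, controls):
    """Build one constructed sign-in record (hypothetical helper)."""
    return {"userPrincipalName": upn, "status": {"errorCode": error_code},
            "appliedConditionalAccessPolicies": [
                {"displayName": POLICY_NAME, "result": result,
                 "enforcedGrantControls": controls}]}

# Constructed sample export; field names are assumed to follow the
# Microsoft Graph signIn resource. Accounts and values are made up.
SAMPLE_EXPORT = json.dumps([
    _rec("admin1@contoso.example", 0, "success", ["Mfa"]),
    _rec("admin2@contoso.example", 0, "notApplied", []),
    _rec("admin3@contoso.example", 0, "reportOnlyFailure", []),
    _rec("admin4@contoso.example", 50074, "failure", ["Mfa"]),
    {"userPrincipalName": "admin5@contoso.example", "status": {"errorCode": 0},
     "appliedConditionalAccessPolicies": []},
])

def classify(record, policy_name=POLICY_NAME):
    """Return 'enforced', 'gap' or 'not_completed' for one sign-in record."""
    if record.get("status", {}).get("errorCode") != 0:
        return "not_completed"   # sign-in did not succeed; troubleshoot it
    for policy in record.get("appliedConditionalAccessPolicies") or []:
        if policy.get("displayName") != policy_name:
            continue
        controls = [c.lower() for c in policy.get("enforcedGrantControls") or []]
        if policy.get("result") == "success" and "mfa" in controls:
            return "enforced"
    # Successful sign-in without the policy enforcing MFA: excluded user,
    # report-only mode, disabled policy, or policy absent from the record.
    return "gap"

def review(export_json, policy_name=POLICY_NAME):
    """Group user principal names by classification."""
    groups = {"enforced": [], "gap": [], "not_completed": []}
    for record in json.loads(export_json):
        groups[classify(record, policy_name)].append(record["userPrincipalName"])
    return groups

if __name__ == "__main__":
    for status, users in review(SAMPLE_EXPORT).items():
        print(f"{status}: {', '.join(users) or '-'}")
```

Accounts listed under `gap` signed in successfully without the policy enforcing MFA and are the ones to check against the policy's assignments and enabled state.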