How to Check if MFA is Enabled in Office 365 for Users. With most businesses (especially enterprises) relying on heavy usage of email communication, it is obvious that sensitive data is also a part of the shared content. All in all, remote work across the globe is managed primarily through Office (Microsoft) 365 using emails, Teams, Skype, etc. for collaborative working.
According to the Sans Software Security Institute data, about 99.9% of cyber attacks can be prevented simply by enabling MFA.
Importantly, multi factor authentication helps in saving critical data from cyber threats. According to a study, cloud services experience over 300 million fraudulent sign in attempts every day. In Office 365, MFA serves to secure email accounts as well as Office 365 accessibility with additional security where the sign in approval needs additional device authentication, such as an OTP on the registered mobile device.
With an added layer of protection using a physical factor, location factor, time zone factor, etc. MFA—
- Saves your accounts from potential credential threats.
- Protects your passwords from identity attacks.
- Delivers a smooth user experience.
- Verifies the user identity and secures the account from any unauthorized access.
Well, shall we start with How to Check if MFA is Enabled in Office 365 for Users?
What Is Office 365 MFA?
Firstly, Office 365 MFA (Multi Factor Authentication) is a method of identifying and authenticating users who have access to your organization’s Office 365 services.
It requires that users enter their phone number, or other unique identifiers, to log in to their account. This helps in preventing your mail accounts from any kind of phishing or cyber attacks.
Think of it as an additional layer of security that helps protect your organization from unauthorized access or use of your accounts. It adds an extra step for anyone attempting to access your account by using any of your credentials, including those associated with a mobile device or computer.
(Microsoft) Office 365 offers you robust multi factor authentication software right out of the box which prevents any further possible damages in case a brute force attack (or any other form of cyber attack) happens on users’ passwords. And no additional extra payment is required for this security feature.
Purpose Of Enabling Office 365 MFA
Security
Importantly, it enhances the security of user accounts and secures crucial business and personal information by using a conditional access method. About 61% of data breaches happen due to unauthorized access to user accounts.
Usability
Additionally, MFA limits the use of passwords. A user has an access to about 40 mobile apps, and remembering all the passwords can be a hassle. As per a 2023 report, about 73% of the passwords are duplicates, which makes it easier for cyber attackers to hack into user accounts.
Compliance
MFA helps in fulfilling the compliance with rules and regulations of various organizations which helps in reducing the audit findings as well as minimizing potential fines.
Types Of Office 365 MFA Status
Microsoft 365 MFA uses Azure Active Directory for its authentication which is a default setting.
Four Available Authenticators
Microsoft Authenticator App
It generates time based one time passwords. As a form of the sign in process, you receive a text or a time sensitive code on your device for authentication purposes.
SMS
Basically, this authentication procedure allows you to sign in to your account without any password or username. You are required to enter your phone number for signing in which then sends a text or a code to the registered number.
OATH Token
It is an application like the Microsoft Authenticator App. A secret key is generated by the Azure AD which has to be entered into the app.
Voice
This is the process involving voice call authentication where you sign in to the account by entering a code received on the voice call on the registered number.
Types Of MFA Status
- Enabled — MFA is enabled when you are enrolled into the per user Azure AD multi factor authentication, but your registration is incomplete. In this case, you are prompted to complete the registration during the next sign in attempt using mediums such as a Web browser.
- Enforced —This MFA status suggests that you have been enrolled post registration completion. The users who complete the registration by providing multi factor authentication details in the ‘Enabled’ category, automatically get updated in the ‘Enforced’ category.
- Disabled — This is a default multi factor authentication setting.
How To Check If MFA Is Enabled In Office 365 For Users?
Please note that to be able to view the page for MFA setup or to turn it on, you must be the admin of the tenant. If you have the global admin account, then you have all the required permissions.
Method 1
- Go to your browser and visit https://Office.com
- Sign in to the account and click on ‘Admin’.
- Click on ‘Users’.
- Select ‘Active Users’ and click on the ‘Multi Factor Authentication’ option at the top of the page.
Image Source: ManageEngine
- This takes you to the MFA portal where you can check which users it has already been enabled for.
- If the MFA hasn’t been enabled, you can select the users and enable it.
Method 2
Please note that this requires Azure AD Premium License for accessibility.
- Sign in to your account and go to the ‘Admin Center’.
- From the options given on the left, click on ‘Azure Active Directory’.
- Click on ‘All Services’. Through this, you can look into Azure AD conditional access.
- If the ‘New Policy’ option is greyed out, it suggests that you require Azure AD Premium License to be able to create conditional access.
- If you have the required license, you will be able to select the ‘New Policy’ option.
- Once selected, check for the policies that are set up with MFA as a requirement.
Method 3
Please note that this method does not require any additional license and is available by default for all tenant accounts.
- Sign in to your account and go to the ‘Admin Center’.
- Click on ‘Azure Active Directory’.
- Go to ‘Properties’.
- Select ‘Manage Security Defaults’.
- If this option is set to ‘Yes’, it would mean that the MFA is enabled for the tenant.
Method 4
Use InfraSOS portal to check the status of your Azure AD users MFA status. Run reports on all your Office 365 / Azure AD users and get details on your users MFA status, authentication methods used, if they have registered strong auth or passwordless authentication and more: Try InfraSOS
Check if Office 365 MFA is Enabled using InfraSOS Reporting Tool
Try us out for Free, Access to all features. – 200+ Azure AD Report templates Available. Easily customize your own AD reports.
What Is MFA Report In PowerShell?
Steps For Getting Insight(s) Into MFA Status Using Powershell
- Install Azure Active Directory with PowerShell and connect to it.
Steps To Install Azure Active Directory:
- Run Windows PowerShell as administrator. Click on the Windows PowerShell command prompt.
- Run ‘Install-Module MS Online’.
- If a prompt of ‘NuGet Provider’ appears, type ‘Y’ and enter.
- If the prompt of installing from the PSGallery appears, type ‘Y’ and enter.
- As an Administrator, start Windows PowerShell and use the cmdlet ‘Connect-MsolService’.
The ‘Connect-MsolService’ command establishes a connection to Azure Active Directory.
To be able to use the existing user credentials, specify the credential as ‘PSCredential Object’ or ‘CurrentCredential’ parameters. (If the version is out of date, a warning message might appear.)
For example, PS C:\> Connect-MsoLService is the command that initiates a connection with Azure Active Directory.
- Prepare the PowerShell script ‘Get-MFAReport’ (which helps to show users who are without MFA authentication).
- Make two folders: Temp, and Scripts.
- Download the PowerShell script report of Get-MFAReport.ps1 (Source: Ali Tajran) and place it in the Scripts folder.
- By changing the path to the Script folder, get the MFA report for all users by running the above mentioned script.
An OutGrid view appears with all the users and the details regarding the multi factor authentication status page.
- The script exports the CSV file to the Temp folder.
Thank you for reading How to Check if MFA is Enabled in Office 365 for Users. We shall conclude this article now.
How to Check if MFA is Enabled in Office 365 for Users (Conclusion)
Certainly, it takes only one account to be hacked for an entire critical data of a company to be compromised. With higher risks comes the aggressive need for robust data security software. Despite this potential threat, as per Weinert’s report, the adoption rate of MFA by enterprise cloud users is only 11%.
Undeniably, MFA is a great way to add an extra layer of security to your Microsoft (Office) 365 account, and keep your information safe. It’s also used in many other applications like Google, DropBox, and others.
Enabling MFA ensures better security and protection of intellectual property heading down the supply chain to your customer, and also helps in reducing the amount of damage that could occur in the event of a breach.
It has been estimated that cybercriminals hold nearly 15 billion stolen credentials which they use to capture bank accounts, phone data, company records, healthcare data, and more. Finally, MFA makes this theft nearly impossible with its multi layered conditional access system.
Try InfraSOS for FREE
Invite your team and explore InfraSOS features for free
- Free 15-Days Trial
- Easy Setup
- Full Access to Enterprise Plan
