Introduction #
Require multi-factor authentication for privileged administrative accounts to reduce risk of compromise.
This policy will target the same roles as Security Default
Targets #
Standard Tenant Administrator Roles
User Impact #
MEDIUM
This policy will specifically target Tenant Administrators to enforce MFA
Basics #
Template Category: Identity Protection (Security Defaults)
Assignments #
| Includes Directory Roles | – Global administrator – Application administrator – Authentication administrator – Billing administrator – Cloud application administrator – Conditional Access administrator – Exchange administrator – Helpdesk administrator – Password administrator – Privileged authentication administrator – Privileged role administrator – Security administrator – SharePoint administrator – User administrator |
| Excluded | – None |
Cloud Apps or actions
| Cloud Apps | – All apps |
Access Controls #
Grant
| Grant | – Require multi-factor authentication |
