fbpx
MSPMagic > Documentation > Settings Documentation > Azure Active Directory > Set Per-User Multi-Factor Authentication

Documentation

Set Per-User Multi-Factor Authentication

Introduction #

MFA helps protect you by adding an additional layer of security, making it harder for bad actors to log in as if they were you.

We recommend per-user MFA be set to enforced for all user accounts.

User Impact #

High
By setting per-user MFA to enforced the user will be prompted to configure their MFA during their next time they connect to any services via modern authentication. All applications which authenticate using basic authentication protocols will be unable to connect until they have created and applied App Passwords.

Note: Guest users are not enforced for MFA using this setting.

Admin Portal Reference #

  1. Sign in to the Azure portal as an administrator.
  2. Search for and select Azure Active Directory, then select Users > All users.
  3. Select Multi-Factor Authentication from the Users window in Azure AD.
  4. A new page opens that displays the user state.
  5. Find the user you want to enable for per-user Azure AD Multi-Factor Authentication.
  6. Check the box next to the name(s) of the user(s) to change the state for.
  7. On the right-hand side, under quick steps, choose Enable, then Enforce.

If Action is set to Notify #

We report the setting is compliant if the users MFA state matches the parameter in MSPMagic. NOTE: If you have set the parameter to Enable and the users MFA status is Enforce, the user will be marked as compliant.

We report the setting is non-compliant if the users MFA state does not match the parameter in MSPMagic. NOTE: If you have set the parameter to Enable and the users MFA status is Enforce, the user will be marked as compliant.

If Action is set to Enforce #

We report the setting is compliant if the users MFA state matches the parameter in MSPMagic. NOTE: If you have set the parameter to Enable and the users MFA status is Enforce, the user will be marked as compliant.

We report the setting is compliant-fixed if the users MFA state did not match the parameter in MSPMagic but was changed to match. NOTE: If you have set the parameter to Enable and the users MFA status is Enforce, the user will be marked as compliant.

High Impact

Get Started!

The first three tenants are free! No credit card required.

Sign Up