Enforce Multi-Factor Authentication for Administrators [CHK-1328]
This check ensures that multi-factor authentication (MFA) is enforced for all administrators in your Microsoft 365 Tenant.
Rationale
Enforcing MFA for administrators enhances security by adding an extra layer of protection. It can help prevent unauthorized access, even if passwords are compromised.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the Entra ID portal at https://entra.microsoft.com.
- Go to Conditional Access > Policies.
- Click "New policy".
- Name the policy "Attic - Admin MFA Policy".
- Under "Assignments > Users", select "Directory roles" and choose all administrator roles.
- Under "Assignments > Cloud apps", select "All cloud apps".
- Under "Access controls > Grant", select "Grant access" and check "Require multifactor authentication".
- Set "Enable policy" to "On".
- Click "Create".
Impact
Once this fix is implemented, all administrators will be required to use MFA, thereby enhancing the security of your Microsoft 365 Tenant.
More Information
For more information about MFA and its benefits, visit the Microsoft MFA Guide.