Enforcing Multi-Factor Authentication for All Users [CHK-1327]
This check verifies whether multi-factor authentication (MFA) is mandatory for all users in your Microsoft 365 Tenant.
Rationale
MFA provides an additional layer of security by requiring multiple methods of authentication before access is granted. This makes it difficult for an attacker who has gained access to a password to log in. This check ensures MFA is enabled for all users, including those with administrative rights who have access to sensitive data and systems.
Fix
An automated fix is available through Attic.
Manual steps:
- Navigate to the Entra ID portal at https://entra.microsoft.com
- Go to Conditional Access > Policies
- Click "New policy"
- Name the policy "Attic - MFA Policy"
- Under "Assignments > Users", select "All users"
- Under "Assignments > Cloud apps", select "All cloud apps"
- Under "Access controls > Grant", select "Grant access" and check "Require multifactor authentication"
- Set "Enable policy" to "On"
- Click "Create"
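To confirm that the policy created by these steps really makes MFA mandatory, the following added example (not Attic's check logic and not code from this page) evaluates policies exported in the Microsoft Graph `conditionalAccessPolicy` JSON shape and lists the reasons a policy falls short. Assumptions: the function names and sample policies are constructed for illustration, only the built-in `mfa` grant control is recognized, and other scoping conditions (locations, platforms, client app types) are not evaluated.

```python
import copy

def mfa_gaps(policy):
    """Return the reasons this policy does not force MFA on all users and apps."""
    cond = policy.get("conditions") or {}
    users = cond.get("users") or {}
    apps = cond.get("applications") or {}
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls") or []
    gaps = []
    if policy.get("state") != "enabled":  # report-only and disabled do not enforce
        gaps.append(f"state is {policy.get('state')!r}, not 'enabled'")
    if "All" not in (users.get("includeUsers") or []):
        gaps.append("includeUsers is not 'All'")
    for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
        if users.get(key):
            gaps.append(f"{key} exempts {len(users[key])} principal(s)")
    if "All" not in (apps.get("includeApplications") or []):
        gaps.append("includeApplications is not 'All'")
    if apps.get("excludeApplications"):
        gaps.append("excludeApplications is not empty")
    if "mfa" not in controls:
        gaps.append("grant controls do not include 'mfa'")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        gaps.append("operator OR lets another control satisfy the grant without MFA")
    return gaps

def tenant_enforces_mfa(policies):
    """True when at least one policy has no gaps."""
    return any(not mfa_gaps(p) for p in policies)

# Constructed sample: the policy the manual steps produce, in Graph JSON shape.
BASELINE = {
    "displayName": "Attic - MFA Policy",
    "state": "enabled",
    "conditions": {
        "users": {"includeUsers": ["All"]},
        "applications": {"includeApplications": ["All"]},
    },
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
# Constructed variants that look similar but do not make MFA mandatory.
REPORT_ONLY = copy.deepcopy(BASELINE)
REPORT_ONLY["state"] = "enabledForReportingButNotEnforced"
WEAK_OR = copy.deepcopy(BASELINE)
WEAK_OR["grantControls"]["builtInControls"] = ["mfa", "compliantDevice"]

if __name__ == "__main__":
    for p in (BASELINE, REPORT_ONLY, WEAK_OR):
        print(p["state"], mfa_gaps(p) or "enforces MFA for all users")
```

Any exclusion is reported as a gap so that exempted accounts are reviewed deliberately rather than passing silently.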
Impact
Enforcing MFA for all users enhances the security of your Microsoft 365 Tenant by making it harder for attackers to gain unauthorized access.