Enforce Multi-Factor Authentication for Microsoft 365 Users
Question
You have a Microsoft 365 subscription and Microsoft 365 E5 licenses assigned to your users.
You need to enforce all your users to register for Multi-Factor authentication.
Where should you configure this?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: D
You should create a MFA registration policy that will prompt the users to register for multi-factor authentication.
They will have 14 days to complete the registration.
![Home > Security > Identity Protection
[a] Identity Protection | MFA registration policy
P Search (Ctrl+, «
bolicy Name
© overview Multi-factor authentication registration policy
X _ Diagnose and solve problems Assignments
Protect 2 Users
& User risk policy All users
& Sign-in risk policy
Controls
© Mra registration policy
Require Azure AD MFA registration
Report
ha Risky users
D. Risky sign-ins
A. Risk detections](https://eaeastus2.blob.core.windows.net/optimizedimages/static/images/Microsoft-365-Security-Administration-(MS-500)/answer/imgckeditor_5.png)
Option A is incorrect.
This is where you configure the timeout period for two-way text messages for on premise MFA server.
Option B is incorrect.
This is where you can set certain user experience configurations.
Not related to MFA authentication.
Option C is incorrect.
This is where you can configure MFA settings scoped at users with administrator roles, such as number of methods required to reset password and authentication methods available.
To know more about the MFA registration policy, please refer to the link below:
The correct answer to this question is option B: Azure Active Directory - User settings - User features.
Multi-Factor Authentication (MFA) is a security mechanism that requires users to provide multiple forms of authentication to access their accounts. This helps protect against unauthorized access, even if a user's password is compromised.
To enforce MFA for all users in a Microsoft 365 subscription, you can configure the settings in the Azure Active Directory (AD) portal. The Azure AD portal provides a variety of settings related to user authentication and security.
Option A - Azure Active Directory - Multi-Factor Authentication - Server settings: This option is not correct because the Server settings in MFA only allow you to configure the MFA settings for on-premises applications or VPNs that are configured to use Azure MFA Server.
Option B - Azure Active Directory - User settings - User features: This option is the correct answer. The User features settings in Azure AD allows you to enable or disable features for users, such as MFA. By enabling MFA for all users, you can enforce MFA for all user accounts in your subscription.
Option C - Azure Active Directory - Password reset - Administrator Policy: This option is not correct because the Administrator Policy settings only allow you to configure the password reset policies for administrators in your organization.
Option D - Identity Protection - MFA registration policy: This option is not correct because the MFA registration policy in Identity Protection allows you to configure the MFA registration requirements for users based on risk, but it does not enforce MFA for all users.