Set up your users with multifactor authentication
Appropriate roles: Global admin
We strongly recommend that all partners enable Microsoft Entra multifactor authentication (MFA) for their users in their partner tenant.
- We need everyone in our ecosystem to act and ensure appropriate security protections are in place. The Global Administrator or the Security Administrator can enable MFA for all users by enabling security defaults.
- CSP partner tenants can enable conditional access, to allow fine-grained control over access policies based on various conditions such as user roles, device state, location, and application sensitivity. You can create custom policies tailored to your organization's specific needs.
- To learn more, see how to create a conditional access policy for all users.
- Greater privacy safeguards and security are among our top priorities.
- Prevention is the best defense, and we're only as strong as our weakest link.
Add multifactor authentication for your users
It's easiest to enable MFA at the tenant level and all across all from Microsoft Entra admin center. See how to enable Microsoft Entra multifactor authentication for your tenant and all users.
Policy configuration
For more information, see how to configure MFA registration policy
- Sign in to the Microsoft Entra admin center as at least a Security Administrator.
- Select Protection > Identity Protection > MFA registration policy.
- Under Assignments > Users:
- Under Include, select All users or Select individuals and groups if limiting your rollout.
- Under Exclude, select Users and groups and choose your organization's emergency access or break-glass accounts.
- Select Enforce Policy - On.
- Select Save.
Next steps
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for