How to verify that users are set up for mandatory MFA
Article
This topic covers steps to verify that users in your organization are set up to meet requirements to use MFA to sign in to Microsoft admin portals. For more information about which applications and accounts are affected and how the rollout works, see Planning for mandatory multifactor authentication for Azure and other admin portals.
Verify MFA for a personal account
A user might use their personal account to create a Microsoft Entra tenant for only a few users. If you used your personal account to subscribe to Azure, complete the following steps to confirm that your account is set up for MFA.
Sign in to your Microsoft account Advanced security options.
Under Additional security and Two-step verification choose Turn on.
All users who access admin portals and Azure clients that require MFA must be set up to use MFA. Mandatory MFA isn't restricted to privileged roles. As a best practice, all users who access any administration portal should use MFA.
Use the following steps to verify that MFA is set up for your users, or to enable it if needed.
Sign in to Azure portal as a Global Reader.
Browse to Identity > Overview.
Check the license type for the tenant subscription.
Follow the steps for your license type to verify MFA is enabled, or enable it if needed. To complete these steps, you need to sign out as a Global Reader, and sign back in with a more privileged role.
Verify MFA is enabled for Microsoft Entra ID P1 or Microsoft Entra ID P2 license
If you have a Microsoft Entra ID P1 or Microsoft Entra ID P2 license, you can create a Conditional Access policy to require MFA for users who access Microsoft admin portals:
Verify MFA is enabled for Microsoft 365 or Microsoft Entra ID Free
If you have a Microsoft 365 or Microsoft Entra ID Free license, you can enable MFA by using security defaults. Users are prompted for MFA as needed, but you can't define your own rules to control the behavior.
If you don't want to use security defaults, you can enable per-user MFA. When you enable users individually, they perform MFA each time they sign in. An Authentication Administrator can enable some exceptions. To enable per-user MFA:
Multifactor authentication helps secure your environment and resources by requiring that your users confirm their identity by using multiple authentication methods, like a phone call, text message, mobile app notification, or one-time password. You can use multifactor authentication both on-premises and in the cloud to add security for accessing Microsoft online services, remote access applications, and more. This learning path provides an overview of how to use multifactor authentication as part of a cyber