MFA or Multifactor Authentication been there for quite some time now. Everyone on the internet already used to it which provides better security on the applications over the internet.
The name describes it all, basically the MFA allows you to have more than one method of signing in to a service or application such as your Outlook.com account, Facebook or Gmail or even your e-banking login. This means, you have multiple factors to verify your identity in order to sign you in.
Beyond the traditional single password you supposed to use, MFA allows you to have more than one method to sign in such as Phone Number, Passcode in addition to the password. With this capability, even if your password was stolen, stealer won’t be able to use it to sign in to your account without knowing the phone number or passcode which is required to sign in.
Microsoft is massively investing on security and compliance day by day with lots of new improvements on these criteria’s. Yet this isn’t very new for O365, MFA for O365 was first introduced in February 2014 through this blog article.
Now let’s see how we can set this up and let our users to utilize the service in a more secure way as they waited for it.
You need to login to Office 365 as Global administrator and open up Admin Panel. New Admin Panel makes this pretty easy for us.
Before start, let’s not forget this insightful article on MFA here. you can get a good briefing through this one to get started.
Direct to Users and open up Active users in this case. Under More Dropdown, Click on “Setup Azure multi-factor auth” link. This will take you to the MFA configuration page.
Select the User you want to force MFA for.
From the right pane, click “Enable” link to enable MFA. You can perform this as a bulk operation too by selecting everyone or several.
Click “Enable” to perform the operation
Hit on “enable multi-factor auth” to start the enabling. This is just a few seconds work. Before this step, ensure that you have taken necessary actions to inform users on what they need to do when they sign in to portal next time and when using other devices.
Successful message will indicate that everything went well.
At the very next login to the portal by the selected user/s, it will prompt to insert the security code texted or given via a call on the user’s mobile phone number.
By selecting Different verification option, user/s can select whether it’s a text message or a voice call which provides the security code. Pretty simple !
Then we can Enforce the MFA. Enforcing and Enabling are two different things. You need to enable MFA first before Enforcing. Enforcing Option will only appear after enabling.
With Enforcing, you are as a admin enforcing end users to have APP Passwords for their non-browser application such as Outlook, Skype for Business or Lync.
Simply select User/s as same as we did before and click on “Enforce” Link on right pane. Click Enforce again on the prompt message.
Just in a few seconds, Success message will indicate that you are done.
Additionally, If you click on “Manage User Settings” Link on the right pane, there are few more features to ensure better security.
You can Enforce to provide contact methods for selected users again.
Delete all app passwords created by the selected users.
Or restore MFA on all devices which are remembered.
These options can be utilized in special events as you need.
Microsoft Cloud Infrastructure Technical Journal 
Thanks!
Any way to require a user to reregister for MFA via MS Graph?