Multi-factor authentication means you and your employees must provide more than one way to sign in to Microsoft 365. It is one of the easiest ways to secure your business.
Go to the admin center at https://admin.microsoft.com.
Select Show All, then choose the Azure Active Directory Admin Center.
Select Azure Active Directory, Properties, Manage Security defaults.
Under Enable Security defaults, select Yes and then Save.
Next time the selected employees sign in, they'll be asked to set up the Microsoft Authenticator app on their phones for a second form of authentication. See our article, How to Use Microsoft Authenticator on Your Smartphone for Multi-Factor Authentication (MFA).
Add Additional Security Steps
Decrease the Cached Token Time: Office 365 allows users to remember their devices for a certain number of days upon sign-in. Under MFA settings, click on Service Settings to modify the number of days. Non-web applications use hourly refresh tokens. Every time a non-web token is used, it is checked against the previously set number of days. These apps normally check every 90 days. By decreasing this number, the security of all logons is increased.
Inspect the MFA Reports on a Regular Basis: To address any problems, an administrator must verify MFA history. The Microsoft Azure portal offers reports that show administrators how and when MFA is used. Locate the reports in the Azure portal under Azure Active Directory. Key information is contained in the sign-ins activity report. This allows an administrator to understand when MFA is challenged, what methods are used, and any other issues that may occur.
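As an added example (not part of the original article or Microsoft's own tooling), the Python below summarizes a JSON export of the sign-ins activity report: how many sign-ins required MFA, which second-factor methods were attempted, which users failed MFA repeatedly, and which sign-ins succeeded with a single factor only. The records are constructed, and the field names (authenticationRequirement, authenticationDetails, status.errorCode) are assumptions about the export format, so adjust them to match your file.

```python
import json
from collections import Counter

# Constructed sample records. Field names are assumed to match the JSON
# export of the sign-ins activity report; adjust them to your own export.
SAMPLE = json.loads("""[
 {"userPrincipalName":"alex@contoso.example","authenticationRequirement":"multiFactorAuthentication",
  "status":{"errorCode":0},"authenticationDetails":[{"authenticationMethod":"Password","succeeded":true},
  {"authenticationMethod":"Mobile app notification","succeeded":true}]},
 {"userPrincipalName":"sam@contoso.example","authenticationRequirement":"multiFactorAuthentication",
  "status":{"errorCode":500121},"authenticationDetails":[{"authenticationMethod":"Password","succeeded":true},
  {"authenticationMethod":"Mobile app notification","succeeded":false}]},
 {"userPrincipalName":"sam@contoso.example","authenticationRequirement":"multiFactorAuthentication",
  "status":{"errorCode":500121},"authenticationDetails":[{"authenticationMethod":"Password","succeeded":true},
  {"authenticationMethod":"Mobile app notification","succeeded":false}]},
 {"userPrincipalName":"sam@contoso.example","authenticationRequirement":"multiFactorAuthentication",
  "status":{"errorCode":0},"authenticationDetails":[{"authenticationMethod":"Password","succeeded":true},
  {"authenticationMethod":"Text message","succeeded":true}]},
 {"userPrincipalName":"kim@contoso.example","authenticationRequirement":"singleFactorAuthentication",
  "status":{"errorCode":0},"authenticationDetails":[{"authenticationMethod":"Password","succeeded":true}]}
]""")

def summarize_mfa(signins, fail_threshold=2):
    """Summarize MFA challenges, second-factor methods, and sign-ins worth review."""
    challenged = 0
    methods = Counter()      # second-factor attempts, whether they passed or failed
    failures = Counter()     # failed MFA-required sign-ins per user
    single_factor = []       # successful sign-ins where no second factor was required
    for s in signins:
        user = s.get("userPrincipalName", "<unknown>")
        ok = s.get("status", {}).get("errorCode") == 0   # errorCode 0 means success
        if s.get("authenticationRequirement") == "multiFactorAuthentication":
            challenged += 1
            for step in s.get("authenticationDetails", []):
                method = step.get("authenticationMethod")
                if method and method != "Password":
                    methods[method] += 1
            if not ok:
                failures[user] += 1
        elif ok:
            single_factor.append(user)
    repeated = sorted(u for u, n in failures.items() if n >= fail_threshold)
    return {"challenged": challenged, "methods": dict(methods),
            "repeated_failures": repeated, "single_factor_success": single_factor}

if __name__ == "__main__":
    print(json.dumps(summarize_mfa(SAMPLE), indent=2))
```

Users listed under repeated_failures or single_factor_success are the ones to follow up on first when reviewing the report.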