Microsoft 

Step-by-step guide

Enable the security defaults in Azure AD

  1. Sign in to the Azure portal / https://portal.azure.com/ as a security administrator, Conditional Access administrator, or global administrator.

  2. Browse to Azure Active Directory > Properties. Or enter the keyword Azure Active Directory at the search box to open the page.

  3. Select Manage security defaults.

  4. Set the Enable security defaults toggle to Yes.

  5. Select Save.
    Screenshot of the Azure portal with the toggle to enable security defaults


Setup the Multi-Factor Authentication
- Please prepare the Multi-Factor Authentication app (like Google Authenticator, Microsoft Authenticator, and so on) and download it or the device which use to receive the SMS authentication code.

  1. When users sign in to an application or service and receive an MFA prompt, they can choose from one of their registered forms of additional verification. Users can access My Profile / https://myprofile.microsoft.com/ to edit or add verification methods.
  2. Select the Security info on the left navigation menu to add and configure it.
    Or browse the link / https://mysignins.microsoft.com/security-info
  3. Click the Add sign-in method to start the process.
    Select the authentication method by clicking Choose a method option.


    In this example, it shows a non-Microsoft Authenticator app screen. But, all steps are almost like Microsoft Authenticator.


  4. In this screen, If using Microsoft Authenticator then click the Next button. If using another Authenticator app please select I want to use a different authenticator app.


  5. Click the Next button to process the next step.


  6. Open the Authenticator app and scan the code. Then, click the Next button.


  7. Enter the 6-digit code shown in the Authenticator app and click the Next button. 


  8. If the Security info page show the Authenticator app record that mean all settings completed.


Remember Multi-Factor Authentication

  1. In the Azure portal / https://portal.azure.com/, search for and select Azure Active Directory, and then select Users.
    Or search Users at the search box.


  2. Select Per-user MFA.
  3. Under multi-factor authentication at the top of the page, select service settings.

  4. On the service settings page, under remember multi-factor authentication, select Allow users to remember multi-factor authentication on devices they trust.

  5. Set the number of days to allow trusted devices to bypass multi-factor authentications. For the optimal user experience, extend the duration to 90 or more days.

  6. Select Save.