This Microsoft Office 365 security tip covers one of the best settings you can enable, though it might land you in the doghouse with your users: multifactor authentication (MFA). Face it, using passwords alone can be dangerous. If a single password is cracked, attackers could have their way in your system, and you’d probably not be alerted to their access. Enabling Azure MFA for Office 365 users ensures that if access occurs from an unusual location, it will be blocked until the user provides additional verification.
Too often, end users reuse the same username and password on various websites. They might use their normal domain password on multiple websites. Think your domain isn’t at risk now? Try out a sample username and password on the site haveibeenpwned to see if you are already at risk. This site was set up by a security researcher, and sites such as GitHub use it to check on the quality of passwords.
You can set up MFA for individual users or for all users. If you’d like to enable it for all users, you can set it up from Microsoft’s Secure Score site. To enable MFA from the Office 365 admin site, go to the Microsoft Admin Portal, and then go to “Users”, “Active users”. Choose “More” and then “Multifactor Authentication setup”. If you are not a global admin, you won’t see the “More” option.
I’m assuming that you will choose multifactor authentication with cloud services only rather than setting up a local authentication server, but you may want to review your options and requirements before you set it up.