Feedback by UserVoice

How can we improve the tenant admin features O365?

enable office 365 MFA by default for all new users

Feature Request: Structural Integrity Associates is an office365 E3 tenant that has recently deployed Multi Factor Authentication MFA too all users in our organization. We are looking for a way to set the default MFA settings to "enabled" for all new users. It would also be nice to configure a number as default to get new users up and running before they have a company cell phone. For example, input a company main office phone number or issupoprt phone to allow MFA before they get a company cell phone.

587 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Tyler Harris shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    19 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Matthew Prentice commented  ·   ·  Flag as inappropriate

        This should be a default tenant-wide setting. Using Conditional Access with the AAD Premium Plans shouldn't be required to enable MFA for all by default.

      • Anonymous commented  ·   ·  Flag as inappropriate

        Computers are here to make our lives easier, Administrators should be able to set default settings for just about everything that office 365 can do. Currently this is a manual process and requires a lot of effort to keep up to date. It should be something we set and forget.

      • Jon commented  ·   ·  Flag as inappropriate

        And also requires Global Admin to setup this privilege. So if I have an HR person that can do limited functions to add/remove people... Now I have to give Global Admin privileges because there is no way to ENABLE for all new accounts.

      • Anonymous commented  ·   ·  Flag as inappropriate

        A basic feature that most other applications already have, this needs to be available

      • Alan Kemball commented  ·   ·  Flag as inappropriate

        Fully agree with other comments - should be possible to set this as a default at tenant level. Conditional access will work - but requires additional licenses.

      • ESKONR commented  ·   ·  Flag as inappropriate

        You can also look at identity protection to enable mfa by default to all users or conditional access with mfa to all users.

      • Andrew Thompson commented  ·   ·  Flag as inappropriate

        This should be a setting that is configured at the Tenant, allowing admins to either turn it on/off for all new users at their discretion.

      • Alex commented  ·   ·  Flag as inappropriate

        Please up-vote this idea! We need this to be enabled by default!

      • Anonymous commented  ·   ·  Flag as inappropriate

        I've found that you can setup a conditional access rule to require MFA which sort of gets around this problem.

      • Renaud commented  ·   ·  Flag as inappropriate

        Such an important feature missing in order to implement MFA tenant wide.

      • Steve Minar commented  ·   ·  Flag as inappropriate

        Love this idea and I'm surprised it's not implemented already. Microsoft Best Practices call for MFA for all users. This should be a tenant level setting. There is no good reason to have a long laundry list of Office 365 admin steps required to onboard a new user. Office 365 could really use a fresh look at basic administration user experience.

      Feedback and Knowledge Base