Posted on

Microsoft MFA : Enabled or Enforced

Multi Factor Authentication (MFA)

Microsoft recommends using multi factor authentication for global tenant administrators. If you don’t do this, 60 days after the last reminder from Microsoft, the tenant is deactivated.

Warning: it’s not enough to activate 2-factor authentication … you also have to use it.

Enabled or Enforced

The problem is that activation is not enough. In fact, after activating the user, he must also log in with the MFA: at this point the user’s status changes from Enabled to Enforced.

You don’t have to have Global Admin with MFA in Enabled status but only in Enforced status.