This article demonstrates how to enforce 2FA for users of Azure and Office 365. Depending on your license levels, you may not get all the settings that Microsoft article recommend, so this article covers the bare minimum.
Microsoft has an overarching enforcement settings which needs to be set (although it might already be set) to ensure staff/members of your organization sue 2FA.
So you should check the following:
- Set the Azure-level settings to the correct defaults. See this article “https://learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide”.
- Login to “office.com” and go to the Admin section. Select Users (left menu), Active Users. Click the Multi-Factor Authentication button. Alter users’ 2FA settings here.
- Test if staff are being correctly requested for 2FA when logging in. Remember, Microsoft used contextual and other factors to determine when to prompt for 2FA.