What is the least disruptive way to enforce MFA? #M365AMA

In this episode, the #M365AMA panel discusses the following community question:

“I have a company that currently does not have 2fa enabled. What will be the least disruptive way to enable it for them? One of my concerns is that a lot of folks may not remember their passwords. If I enable the 2fa will they be able to use all of their apps or will they be forced to sign in after 2fa is enabled. Would the easiest thing be to send a company wide email with the link to the 2fa page for them to register and just deal with any forgotten passwords at that point? Thanks for any tips!”

Check out the discussion here:

 

Participating in this discussion were:

• Christian Buckley @buckleyplanet 
• Norm Young @stormin_30
• Mike Nelson @mikenelsonIO
• Kirsty McGrath @kirstymcgrath13

Some relevant notes/links shared by the team:

• Tutorial: Secure user sign-in events with Azure AD Multi-Factor Authentication [https://learn.microsoft.com/en-us/azure/active-directory/authentication/tutorial-enable-azure-mfa]
• From Microsoft Security, also check out “How to implement Multi-Factor Authentication (MFA)” [https://www.microsoft.com/en-us/security/blog/2020/01/15/how-to-implement-multi-factor-authentication/]
• A nice overview of best practices by Paul Moore at Delinea [https://delinea.com/blog/mfa-best-practices]