Search code examples
azureazure-active-directoryazure-authenticationazure-security

Enable MFA for external Global Admins AzureAD free

Trying to enable MFA for all Global Admin accounts in Azure AD.

When navigating in Azure portal to AzureAD->Users->All Users->Multi-Factor Authentication->Global Administrators,

What I see is a list of all Global Admins, but the checkboxes are all greyed out and clicking a greyed out user shows side pane without enable button. Only one that is not greyed out is the subscription user whose email ends with *.onmicrosoft.com The others are external invited users.

I think we are using free AzureAD version. (non premium)

https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing

This docs page says it should be possible to enable it.

Am I missing something or is this intended?

Solution

  • You should go to Azure AD blade, then to Security, then to Conditional Access, then select Baseline policy: Require MFA for admins (Preview) and enable it

    enter image description here