2. Review and Modify Your Verification Settings
Default settings are an excellent starting point for MFA, but it’s wise to understand all options. Some authentication methods are more secure than others, and it may be advisable to enable only those that improve the security posture. Under MFA settings, click on Service Settings to modify verification settings. With the increasing prevalence of SIM swap exploits, disabling the SMS verification method may increase security.
3. Decrease the Cached Token Time
Office 365 allows users to remember their devices for a certain number of days upon sign-in. Under MFA settings, click on Service Settings to modify the number of days. Nonweb applications use hourly refresh tokens. Every time a nonweb token is used, it is checked against the previously set number of days. These apps normally check every 90 days. By decreasing this number, the security of all logons is increased.
4. Inspect the MFA Reports on a Regular Basis
To address any problems, an administrator must verify MFA history. The Microsoft Azure portal offers reports for administrators to see how and when MFA is used. Locate the reports in the Azure portal and Azure Active Directory. Key information is contained in the sign-ins activity report. This allows an administrator to understand when MFA is challenged, what methods are used and any other issues that may occur.