Skip to main content
日本語 简体中文 繁體中文

About Mandatory Multi-Factor Authentication (MFA) Setup for Microsoft 365 / Entra ID

Target

  • Customers using Microsoft 365

Notes

  1. The enforcement of multi-factor authentication is a Microsoft specification. For detailed specifications, please contact Microsoft directly.
  2. The content of this article is based on information as of May 2026.
    For the latest information, please contact Microsoft.

Details

We have confirmed that Microsoft is currently notifying administrators using Microsoft 365 about the mandatory configuration of multi-factor authentication (MFA).

This article provides frequently asked questions and answers regarding the impact of this requirement on Access Control usage.

1. By when do I need to take action?+

Please refer to the following:
Mandatory multi-factor authentication plans for Azure and other management portals (external link)

2. Which services are affected?+

Please refer to the following:
Mandatory multi-factor authentication plans for Azure and other management portals (external link)

3. Are all users affected?+

Currently, we have confirmed that only administrator users are affected.

4. What happens if I do not configure multi-factor authentication by the deadline?+

Users will not be locked out, but once enforcement begins for the tenant, a message may appear prompting you to enable MFA.
For more details, please refer to the following:
Mandatory multi-factor authentication plans for Azure and other management portals (external link)

5. After enabling multi-factor authentication, when will authentication be required?+

The timing depends on whether the domain is federated between HENNGE Access Control and Microsoft 365.

If federated

  1. Sign-in screen for Microsoft 365, etc.
  2. Login process for HENNGE Access Control
  3. Multi-factor authentication
  4. Sign-in complete

If not federated

  1. Sign-in screen for Microsoft 365, etc.
  2. Authentication via Authenticator
  3. Sign-in complete

6. If I have configured HENNGE multi-factor authentication, do I still need to configure Microsoft multi-factor authentication?+

If both of the following conditions are met, configuration is not required.

  1. Check the federation status using the steps below and confirm that the target domain has the status [Federated].
    * [Federated (Legacy)] is not applicable.
    [Access Control] How to check federation status (Microsoft 365)

    If not configured, you can set it up using the following steps.
    [Access Control] Federation setup with Microsoft 365

  2. Authentication to Access Control is performed using one of the following methods:
    • Using OTP (including HENNGE Lock push notifications) for authentication
    • Using a device certificate or tenant shared certificate for authentication, and manually entering a password