If someone is new, he may not know it, but Microsoft gives the possibility of using MFA (Multi-Factor Authentication) for Global Administrators for free. This option is generally available. We don’t have to write to the support or run it additionally. All we have to do is indicate which global administrator should have it enabled. We can do it, for example, via the portal https://portal.azure.com.
Open AAD (Azure Active Directory), select Users from the menu on the left, and then Multi-Factor Authentication.
Now a new tab will open for us, in which we select a user who is a global administrator (for ease of use, you can choose from the menu to show us only global administrators), click ENABLE, confirm our selection and you can close.
After returning to the list of users, we will see that the status has changed to enabled.
When our global administrator logs in, he will be asked to provide the necessary information and will literally be guided through the entire process by the hand, step by step.
When the Administrator completes the multi-factor authentication process and finally logs in, his status changes from enabled to enforced.
A good option after enabling MFA is to select a checkbox when logging in from a specific device, so that it will not ask us for a second verification method for the next 30 days.
If anyone would like to learn more about Multi-Factor Authentication, I invite you to read the Microsoft documentation: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks