“You must enable multi-factor authentication (MFA) to schedule or terminate attacks. Learn more about enabling MFA.“

I wanted to play with the Attack Simulator in the Office 365 Security & Compliance Admin Portal – but with the enabling MFA warning, none of the ‘Launch Attack’ buttons were available to use. I’ve already set up MFA via Conditional Access though, so why am I seeing this?

At a guess, I wondered if it was actually detecting if MFA was used to log in. It wasn’t because the request was coming from a trusted IP address, which I’d configured in my test tenant to make it a bit less painful.

My hunch was right, I signed in elsewhere, went through MFA and look, the buttons now work:

Bit of a misleading warning – your MFA rules might be completely fine, so try signing in with MFA first before going to the Simulate Attacks page.