Azure AD – New conditional access policies in preview

After previewing an Azure Active Directory (Azure AD) Conditional Access policy that requires MFA for administrator accounts (which, by the way, is now GA), Microsoft is providing 3 new pre-configured Conditional Access policies in preview:

  • Baseline policy: End user protection, to help protect your end users. It will require Azure Multi-Factor Authentication (MFA) during risky sign-ins. Leaked credentials are blocked until a password reset occurs. This policy will require your end users to register for MFA within 14 days.
  • Baseline policy: Block legacy authentication, a preconfigured policy to block all applications based on legacy authentication (Office 2013 [unless you have deployed the required registry key for modern auth], Office 2010, POP/IMAP clients such as Thunderbird, the legacy Lync/Skype for Business client and the native Android mail client).
  • Baseline policy: Require MFA for Service Management, which will require MFA for all service management access (administration portal, PowerShell, Azure CLI).

These policies can be activated (and configured, since you can define user exclusions) from your Azure AD portal (https://aad.portal.azure.com) or the Azure portal (https://portal.azure.com), in the Conditional Access configuration blade.

Important: as always with Conditional Access, it is highly recommended to first pilot and test these policies before a wider go-live.
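
One way to scope that pilot for the Block legacy authentication policy, as an added example that is not part of the original post: list who still signs in with legacy clients before you enable it. It assumes sign-in records exported as JSON with the `userPrincipalName`, `clientAppUsed` and `status.errorCode` fields of the Microsoft Graph sign-in resource; the sample records, the function names and the set of "modern" client labels are assumptions made for this example.

```python
import json
from collections import defaultdict

# Assumption: these clientAppUsed labels mean modern authentication;
# any other value is counted as legacy.
MODERN_CLIENTS = {"browser", "mobile apps and desktop clients"}

# Constructed sample sign-in records (not real tenant data).
SAMPLE_SIGNINS = json.loads("""[
 {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "IMAP4", "status": {"errorCode": 0}},
 {"userPrincipalName": "alice@contoso.example", "clientAppUsed": "POP3", "status": {"errorCode": 50126}},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "Browser", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@contoso.example", "clientAppUsed": "Mobile Apps and Desktop clients", "status": {"errorCode": 0}},
 {"userPrincipalName": "Carol@contoso.example", "clientAppUsed": "Exchange ActiveSync", "status": {"errorCode": 0}},
 {"userPrincipalName": "dave@contoso.example", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}},
 {"userPrincipalName": "dave@contoso.example", "clientAppUsed": "Authenticated SMTP", "status": {"errorCode": 50126}}
]""")

def legacy_auth_impact(signins):
    """Group legacy-protocol sign-ins by user, split by success and failure."""
    impact = defaultdict(lambda: {"clients": set(), "success": 0, "failure": 0})
    for rec in signins:
        client = (rec.get("clientAppUsed") or "").strip()
        if client.lower() in MODERN_CLIENTS:
            continue
        user = (rec.get("userPrincipalName") or "unknown").lower()
        entry = impact[user]
        entry["clients"].add(client or "(not recorded)")
        # errorCode 0 is a successful sign-in; a missing status counts as failure.
        ok = (rec.get("status") or {}).get("errorCode") == 0
        entry["success" if ok else "failure"] += 1
    return dict(impact)

def pilot_candidates(impact):
    """Users with at least one successful legacy sign-in: real usage that the
    policy would break. Failure-only users may be password-guessing noise."""
    return sorted(u for u, e in impact.items() if e["success"] > 0)

if __name__ == "__main__":
    report = legacy_auth_impact(SAMPLE_SIGNINS)
    for user in sorted(report):
        e = report[user]
        print(f"{user}: {sorted(e['clients'])} ok={e['success']} fail={e['failure']}")
    print("Migrate or pilot before enforcing:", pilot_candidates(report))
```

Users returned by `pilot_candidates` are the ones to migrate to modern clients or place in the policy's user exclusion during the pilot; accounts that only show failed legacy sign-ins deserve a look before they are excluded from anything.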
