Final answer:
To enforce MFA at sign-in for Microsoft Entra, Conditional Access policies should be used. They provide the ability to set conditions that mandate MFA, ensuring an additional layer of security during user authentication.
Step-by-step explanation:
To require users to use Multi-Factor Authentication (MFA) to sign in to Microsoft Entra, you should use Conditional Access policies. Conditional Access is part of the Microsoft Entra suite and is designed to provide granular control over how and when users can access resources. By setting up a Conditional Access policy, you can define conditions under which users are required to perform multi-factor authentication. This enhances security by ensuring that an additional layer of verification is present beyond just the traditional username and password.
Options such as Password Protection, Azure AD Identity Protection, and Privileged Identity Management also play important roles in identity and access management, but for the specific task of enforcing MFA at sign-in, Conditional Access is the correct choice.