Thinking about moving to a more secure model of User Verification is a great idea especially these days. Office 365 and Azure AD provide the means to increase security for users using either 2-step verification or AzureAD MFA.
Multi Factor Authentication. What is it anyway? Typically it is
- Something you know (could be a password)
- Something you have (a trusted device like a phone)
- Something you are (biometrics; Your face or fingerprint)
Why is MFA important?
The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user’s password, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods
AzureAD and MFA
What Authentication Methods are available with Azure MFA
- Notification through mobile App like Microsoft Authenticator
- Verification code from mobile App like Microsoft Authenticator
- Call to phone
- Text message to phone
The Microsoft Authenticator App can be configured on both iOS and Android devices
Which environments support an Azure MFA set up?
- Cloud-only identity with modern authentication
- Hybrid identity scenarios
- On-premises legacy apps published for cloud access
For a full list and summary of supported scenarios see this Article
What license is required to set up Azure MFA for users?
- MFA for Office 365 works exclusively with Office 365 applications and can be set up to provide 2 step verification
- Azure MFA is a feature of Azure Active Directory Premium licensing
- MFA for Azure AD Administrators
Feature comparison of versions can be found HERE