Forum Discussion
2FA vs MFA
I am trying to learn about, what seems to be, 2 separate identity methods available to users of AAD. And really, I am happy if you just send me in the right direction to read about it. I am just confused on how these are connected.
- I understand the role of MFA and in order to have it enabled for my organisation, there seems to be a dependency on my O365 license level. It seems that with this I can set organisation wide settings.
- But there seems to be a 2FA option available to anyone using AAD, for any subscriptions, where at the user level, I can enable 2FA using different technologies such as email, sms and Authenticator app.
- In addition to this, each user also have the option, in their profile to set "Additional Security verification" options.
Thank you
In the context of Azure AD, it's the same thing. You simply have different ways of enabling it, either via the old-style per-user toggle, or via conditional access and related.
- Ruka_ZillBrass Contributor
VasilMichev thanks for your reply. So are we saying that both options are the same? So the requirement for a subscription is only for providing central management?
Nowadays, "MFA" is included for all as part of Security defaults, so there's no subscription requirement. The license requirement is for Conditional Access policies, which give you a lot more granularity (and lot more controls apart from MFA), or features such as trusted locations. You can get more details here: https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing#feature-comparison-of-versions