Forum Discussion

Ruslan Husainov's avatar
Ruslan Husainov
Copper Contributor
Jul 18, 2016

Azure MFA for specific Office 356 services.

Hello!

Is it possible to enable Azure MFA for particulat SharePoint Online site collections? But other Office 365 should not use it.  ADFS is in place.

Thanks!

    • prashantguptag's avatar
      prashantguptag
      Brass Contributor

      Is there any news on forcing externals to use MFA when they will access externally shared sites? Right now the challenge is we cannot enforce MFA on external users and MFA can be enabled only for licensed users.

      Azure B2B is in public preview but I am assuming that this capability will be available as part of Azure B2B GA. So question mark is if it will be then will it also be applicable when Azure B2B is not used and only external sharing feature is used?

      • Nils van Woensel's avatar
        Nils van Woensel
        Copper Contributor

        Azure MFA is a AD Premium feature, so indeed requires a license.

        When combined with the link Vishal shared you can activate MFA if loggin on the SharePoint.

        You can add your company's external IPs as trusted, so they will not require MFA to login.

        All other public IP networks require MFA to login for SharePoint.

         

        It is also possible if you have ADFS with the MFA server installed to configure the Conditional Access for SharePoint, so Azure will notify ADFS that is should have a second factor auth for login.

        On ADFS side you cannot differentiate on the O365 relying party between Exchange or SharePoint or other services as Microsoft just sends the information you are trying to login to "Microsoft Online", so this has to be configured at the Azure side.

Resources