MFA for one email account with several users
Client runs four shifts with support staff who work from home. Each group of four team members has a single 365 mailbox, and usage passes from one team member to another as the shifts change. For each group, client wants to implement 2FA with Authenticator on the phones of each team member, i.e. four phones authenticating one email account. But this used to be barred for business (‘work and school’) accounts.
DAK what is the current position (and is this documented anywhere?), and if it is still barred what is the best way forward?
Hi Decomplexity
You can add multiple authenticator app 'instances' on a single account. If you decide to go the push notification way, be aware all registered authenticator apps for that account will get the notification which is something you may wish to avoid.
In that case choose to go the app with code direction. Here you have the choice to have all four devices share the same 'instance' (the 6 digit code will be the same on all devices) or you can create a separate instance for each phone (each 6 digit code will be different). The latter being more secure.
You can find some more detailed information here (article is from 2019 so the screenshots are from the 'old' registration experience but the principle is still valid.
Using multiple authenticator apps with a single Microsoft 365 user account – CIAOPS