Forum Discussion

Jez Blight's avatar
Jez Blight
Copper Contributor
Jan 20, 2018

Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

Hi, I'm wondering if it's possible in Office 365 w. E3 licence to setup MFA for Admins so the only authentication method they can use is app only (e.g. Azure Authenticator), not SMS or voice. All other non- admins should be able to use any method.
Does anyone know a way to do this? The articles I've read indicate that MFA is global for all users no matter what privilege they hold, but there must be a way?
Thanks in advance
  • Nope. You can disable specific methods, but the configuration will indeed apply to all users.

  • PBeiler1's avatar
    PBeiler1
    Steel Contributor

    I setup my O365 E3 IDs individually turning off/on MFA for each ID.  Since Microsoft has released PowerShell modules that accept MFA connection for Exchange and Skype, I've found MFA workable for Admin IDs.

     

    I have also found Outlook on the desktop and Skype 2016 on the desktop ... to work nicely with MFA.  I had to change a MFA setting in Exchange and Skype, because my O365 setup has been around since the beginning and the setting was turned off by default.

Resources