Forum Discussion
Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?
Does anyone know a way to do this? The articles I've read indicate that MFA is global for all users no matter what privilege they hold, but there must be a way?
Thanks in advance
6 Replies
I setup my O365 E3 IDs individually turning off/on MFA for each ID. Since Microsoft has released PowerShell modules that accept MFA connection for Exchange and Skype, I've found MFA workable for Admin IDs.
I have also found Outlook on the desktop and Skype 2016 on the desktop ... to work nicely with MFA. I had to change a MFA setting in Exchange and Skype, because my O365 setup has been around since the beginning and the setting was turned off by default.
Nope. You can disable specific methods, but the configuration will indeed apply to all users.
Where is the setting found to restrict globally to mobile app? I don't want to involve SMS text messages or phone calls.
- Never mind... I found it here:
https://docs.microsoft.com/en-us/office365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
- Hi Vasil, thanks for confirming. Is there any 2FA solution you could recommend trying? Thanks again,
The Server (on-premises) version of Azure MFA allows you to configure the default method for each user, so if you block all others the will only be able to use the app. However, the block settings will again apply to all users.
