We recently had this question pop up on twitter (@intunesuppteam) and thought it would be good to answer here since it's not the first time it's been asked. Azure MFA can be set to “required” and enforced on a per user account to require MFA for any authentication. The Azure Portal (https://portal.azure.com) also has an option to require MFA for any admin account - see this discussion https://stackoverflow.com/questions/35559006/enabling-multi-factor-authentication-for-the-azure-port.... Lastly, Conditional Access can be set to require MFA on selected cloud services.