Oct 12 2020
- last edited on
Jan 14 2022
a customer of us wants to improve his MFA distribution. Therefore he wants to utilize hardware tokens, but there is no decision for TOTP or FIDO2, yet. Currently the customer utilizes Office 365 E3 licenses for the end users and as the cloud strategy is not yet defined finally, he does not want to buy further "addon" licenses.
At present they have deployed basic MFA without Conditional Access. Is it possible to use any kind of hardware tokens without Azure AD Premium P1?
Thanks in advance.
Oct 14 2020 07:47 AM
@woelki Hello, how about the Authenticator app until the strategy is defined? I'm attaching a couple of links below for information about available versions of Azure Multi-Factor Authentication and their associated licenses.
Available versions of Azure Multi-Factor Authentication
What authentication and verification methods are available in Azure Active Directory?
Enable passwordless sign-in with the Microsoft Authenticator app (preview)
Oct 20 2020 01:22 PM
Hi @woelki ,
You can benefit from programmable tokens - they act as drop-in replacement of Authenticator apps:
Oct 21 2020 11:32 AM
Hi @Emin Huseynov,
thanks for the confirmation. I already know Token2, but I have not yet tested all tokens.
I already found the manual for the MFA registration with Azure AD Free.
It looks pretty forward for the most of us and it is a great idea just to ship the not marked device to the customers. But the impact on customer side is a bit bigger.