Is MFA included in Office 365 Exchange Online Plan 1?

Not applicable

I'm having a hard time finding out whether or not MFA functionality is included in O365 Exchange Online P1 for users logging in to the e-mail environment.


If anybody knows, I'd also like to know where it's mentioned in official Microsoft Office 365 documentation.

17 Replies

Based on this, I’d say yes it is:


“Today we’re adding Multi-Factor Authentication for Office 365 to Office 365 Midsize Business, Enterprise plans, Academic plans, Nonprofit plans, and standalone Office 365 plans, including Exchange Online and SharePoint Online. This will allow organizations with these subscriptions to enable multi-factor authentication for their Office 365 users without requiring any additional purchase or subscription.”

That's a great news article from 2014! I can't seem to find it explicitely in a more current service description, though.


Agreed, a more recent reference would be good, can’t see any mention in service descriptions, product literature or documentation, this was the closest: 


Q: Is there a free version of Azure Multi-Factor Authentication?

In some instances, yes.

Multi-Factor Authentication for Office 365 users offers a subset of Azure MFA features at no cost for access to Office 365 services, including Exchange Online and SharePoint Online. This offer applies to users who have an Office 365 license assigned, when the corresponding instance of Azure Active Directory doesn't have the full version of Azure MFA through an MFA license, a bundle, or a standalone consumption-based provider.

Thanks for the reply, it just isn't 100% clear to me whether or not a user licensed solely for Exchange Online P1 is also implied when talking about "Office 365 users" in this context.
best response confirmed by VI_Migration (Silver Contributor)

I thought that too, I am reasonable sure though at this point that plan does include MFA but you might have to contact Microsoft directly somehow to get a definitive answer. From the product page there is a contact us option, in the UK at least, either via phone or with a form, or you could try asking via support perhaps if you already have Office 365.

The answer is yes. To login to any Office 365 app you are being authenticated by Azure AD. And MFA is a key part of 'Azure AD Free', which is what you get with any Office 365 licence.

@Deleted @Brian Reid Hello guys, stumbled across this question today in my org. and did a search which led me here. I also sent a advisory to Microsoft just in case and the response I got is that MFA is not included in the EXO plan 1 or 2 as you don't get AAD in those subscriptions.

@ChristianBergstromJust helped a friend setup an EXO P1 and was able to register MFA and it works.




@glenmcleroy Thanks for your feedback Glen! As I'm not a "license guy" I sent my question to Microsoft and that was the response I got. I have to say I wasn't particular happy with the answer as I requested information how one could use EXO without being authenticated by AAD (as @Brian Reid highlighted as well). No response... just "AAD not included". But then again, the Premier support keeps on disappointing me.

If that's the answer you got then they are wrong. Azure AD is the directory for Exchange Online, so you cannot have EXO without AAD. You can use PTA or ADFS or 3rd party federation service to authenticate EXO and the rest of M365 but you really need good reasons for this, and not being sure of what the product contains is not a good reason. MFA is included in AAD Free and you should turn on the combined registration wizard for MFA as well and get a better and newer experience that the picture posted above which is the old experience. If you are looking for guidance and help in the direction of what to do, how and why around this and the rest of M365 then get in touch, we help businesses all over the world navigate Microsoft 365

@Brian Reid Exactly! Thanks Brian. Imagine my frustration with "Premier support" questioning the same things you're explaining and not getting a proper response, nor being escalated to someone who actually knows what they are talking about. The reason I posted here is that I wanted to share what I got as a response to the topic. I am not about to use EXO plan 1.


Have a great weekend. Cheers!

@Brian ReidThanks for your previous answers. One of our customers currently is planning to migrate from Exchange on-premises to Exchange Online Plan 1 (EXO P1). EXO service comes with SLA. Microsoft publishes SLA for all Online Services here. I was wondering if you could clarify the following questions:

1. What Azure AD edition will customer get after buying EXO P1: AAD FREE or OFFICE 365 APPS?

2.  If the answer on first question is AAD FREE, how it correlates with the circumstance that Azure AD comes with no SLA? So it turns out the SLA regulated service depends on service with no SLA?

Hey, thanks for the reply to the topic! I later on stumbled across this page which explained things better (for me at least).
Hey all,

I am currently trying to get clarification from Microsoft on:
1. Which Office/Microsoft 365 plans include the "Office 365 Apps" Azure AD tier. Depending on which Microsoft KB article I'm looking at, it says it either is included with E3 and E5 only, or E1 and up.

2. Does this Office 365 Apps tier grant users the right to use the per-user MFA (As opposed to just Security Defaults which I'm trying to avoid). Again, not clear and several articles touch on this but conflict and are not explicit.

3. What is the future of per-user MFA? Everywhere per-user is documented, it's referenced that it's not recommended and to use either Security Defaults or pay for P1/P2 and use Conditional Access. It sounds like they are planning to phase per user out but there has been no official word about that.
@SergeyC - Azure AD Free, and even if EXO has an SLA, AAD Free does not. They are different products and if you buy EXO you are not buying AAD Free, you just get it included.
cmessina85 - avoid per user MFA. Go for Security Defaults unless you buy EMS/AAD P1 or 2. The article I posted up near the top of this thread and reposted later on by someone else outlines what you get. Security Defaults are easy, block legacy auth, give 14 days to setup MFA and enforce MFA on risk. Brilliant and simple. If you need rules and conditions, buy AADP1

@Brian Reid Hello again, I appreciate your input on this and it seems as if your replies are reflecting what I've learned reading about it. I'm not about to implement or purchase EXO Plan 1, just want to know more about how the licensing works and what's included. Unfortunately there isn't any official documentation that REALLY explains this properly and I suppose that's why we're having this conversation. We know how it works "under the hood" (technically) but as for the license part that's a bit tricky. I'm trying to get a proper response from Microsoft as another member posted as well, let's see what the outcome is. When previously talking to the support they had no clue so this time I turned to sales and waiting for response.