cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

Jez Blight
Copper Contributor

‎Jan 20 2018 01:48 AM

‎Jan 20 2018 01:48 AM

Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

Hi, I'm wondering if it's possible in Office 365 w. E3 licence to setup MFA for Admins so the only authentication method they can use is app only (e.g. Azure Authenticator), not SMS or voice. All other non- admins should be able to use any method.
Does anyone know a way to do this? The articles I've read indicate that MFA is global for all users no matter what privilege they hold, but there must be a way?
Thanks in advance
30.5K Views
0 Likes
6 Replies
Reply
6 Replies
Vasil Michev

‎Jan 20 2018 12:00 PM

‎Jan 20 2018 12:00 PM

Re: Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

Nope. You can disable specific methods, but the configuration will indeed apply to all users.

0 Likes
Reply
Jez Blight

‎Jan 20 2018 11:21 PM

‎Jan 20 2018 11:21 PM

Re: Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

Hi Vasil, thanks for confirming. Is there any 2FA solution you could recommend trying? Thanks again,
0 Likes
Reply
Vasil Michev

‎Jan 21 2018 11:15 AM

‎Jan 21 2018 11:15 AM

Re: Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

The Server (on-premises) version of Azure MFA allows you to configure the default method for each user, so if you block all others the will only be able to use the app. However, the block settings will again apply to all users.

0 Likes
Reply
Paul Beiler

‎Jan 22 2018 08:14 AM

‎Jan 22 2018 08:14 AM

Re: Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

I setup my O365 E3 IDs individually turning off/on MFA for each ID.  Since Microsoft has released PowerShell modules that accept MFA connection for Exchange and Skype, I've found MFA workable for Admin IDs.

 

I have also found Outlook on the desktop and Skype 2016 on the desktop ... to work nicely with MFA.  I had to change a MFA setting in Exchange and Skype, because my O365 setup has been around since the beginning and the setting was turned off by default.

0 Likes
Reply
Kevin Taber

‎Jan 21 2019 02:02 PM

‎Jan 21 2019 02:02 PM

Re: Office 365 Admins and MFA - Restrict to use App only, not allow SMS or voice?

Where is the setting found to restrict globally to mobile app? I don't want to involve SMS text messages or phone calls.

0 Likes
Reply