Hi, I'm wondering if it's possible in Office 365 w. E3 licence to setup MFA for Admins so the only authentication method they can use is app only (e.g. Azure Authenticator), not SMS or voice. All other non- admins should be able to use any method. Does anyone know a way to do this? The articles I've read indicate that MFA is global for all users no matter what privilege they hold, but there must be a way? Thanks in advance
The Server (on-premises) version of Azure MFA allows you to configure the default method for each user, so if you block all others the will only be able to use the app. However, the block settings will again apply to all users.
I setup my O365 E3 IDs individually turning off/on MFA for each ID. Since Microsoft has released PowerShell modules that accept MFA connection for Exchange and Skype, I've found MFA workable for Admin IDs.
I have also found Outlook on the desktop and Skype 2016 on the desktop ... to work nicely with MFA. I had to change a MFA setting in Exchange and Skype, because my O365 setup has been around since the beginning and the setting was turned off by default.