Office 365 MFA preferences


Are any of the MFA options in Azure AD/Office 365 'risky' from a security perspective, or considered significantly less secure than the other options (I've read various conflicting opinions)? If yes, are there ways to take that option away from the users during MFA registration?

If there are any specific security attacks that I could quote against certain MFA choices, that may help build a case to warn users on the safer alternatives.

Alternatively, should all global admins, for argument's sake, be using a specific default MFA method over others from a security perspective?

1 Reply

@CB1 Hello, there are some really good and extensive articles on the docs about AAD MFA settings and authentication methods, and security as well. I think it's better if you read about it as it's literally too much to suggest. But I have tried to make it easier for you as the links here should answer your questions.

 

Comparison of methods

Authentication methods and features - Azure Active Directory | Microsoft Docs

Select the available MFA options for your users

Configure Azure AD Multi-Factor Authentication - Azure Active Directory | Microsoft Docs

Protect global admin

Protect your Microsoft 365 global administrator accounts - Microsoft 365 Enterprise | Microsoft Docs

Secure

Top 10 ways to secure Microsoft 365 for business plans - Microsoft 365 admin | Microsoft Docs

Secure

Top 12 tasks for security teams to support working from home | Microsoft Docs