cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Looking for specific instructions for enabling and configuring MFA for Ofice 365 users

OneTechBeyond
Iron Contributor

‎Feb 28 2020 06:23 AM - last edited on ‎Feb 01 2023 11:03 AM by

‎Feb 28 2020 06:23 AM - last edited on ‎Feb 01 2023 11:03 AM by

Looking for specific instructions for enabling and configuring MFA for Ofice 365 users

I would like to enable MFA for my Microsoft 365 clients but have a few questions about how to do this.

1. When enabling MFA, how to do enable multiple methods for MFA (i.e. hardware key, biometric, text to mobile, Microsoft Authentication, etc.)?

2. What is the method of MFA called, when a user must match a two digit number shown on screen, with one of three options shown on their mobile device?

3. Is there a way to also implement MFA with Microsoft desktop applications such as Outlook, Teams, OneDrive, etc. so that the user must confirm an MFA method when launching the apps from their Windows 10 laptop/desktop, even if they have already had to use MFA to get past the Windows 10 login screen?

1,528 Views
0 Likes
3 Replies
Reply
3 Replies
Cian Allner

‎Feb 28 2020 07:56 AM

‎Feb 28 2020 07:56 AM

Re: Looking for specific instructions for enabling and configuring MFA for Ofice 365 users

The two primary ways of enforcing Azure MFA (there is another way too, Security Defaults), this may depend on what licensing is available, either enabling it per user or using Conditional Access, this link talks about the two options and and how to enable per-user Azure MFA, which is the more basic approach -

 

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates

 

And more specifics

 

https://docs.microsoft.com/en-gb/microsoft-365/admin/security-and-compliance/set-up-multi-factor-aut... 

 

This explains the licensing differences and requirements  https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing 

 

The best and most granular experience is using Conditional Access, which Microsoft recommend but that requires Azure AD Premium and also the combined registration experience is worth looking at too, that has its own way of configuring authentication methods, as well as here.

 

With Conditional Access you can target desktop applications and enforce Azure MFA with a set criteria for example to Windows or macOS devices with desktop clients.

 

Hope some of that helps!

0 Likes
Reply
OneTechBeyond

‎Feb 29 2020 12:20 PM

‎Feb 29 2020 12:20 PM

Re: Looking for specific instructions for enabling and configuring MFA for Ofice 365 users

Thanks, @Cian Allner!

 

Also, I recall that there's an MFA method within Office 365 that asks the client app to match the number shown on screen, with one of the three options that show up on their MFA mobile device, rather than entering a six digit code generated from the Microsoft Authenticator app.    


Do you know what the specifics are for setting up that push method of multi-factor authentication?

0 Likes
Reply
Cian Allner

‎Mar 02 2020 07:42 AM

‎Mar 02 2020 07:42 AM

Re: Looking for specific instructions for enabling and configuring MFA for Ofice 365 users

@OneTechBeyond wrote:

Thanks, @Cian Allner!

 

Also, I recall that there's an MFA method within Office 365 that asks the client app to match the number shown on screen, with one of the three options that show up on their MFA mobile device, rather than entering a six digit code generated from the Microsoft Authenticator app.    

Passwordless sign-in has that option (preview), it requires Azure MFA with push notifications enabled plus some other configuration as mentioned in the link.

 

phone-sign-in-microsoft-authenticator-app

 

0 Likes
Reply