License needed for MFA with hardware token?

Iron Contributor

Hi there,


a customer of us wants to improve his MFA distribution. Therefore he wants to utilize hardware tokens, but there is no decision for TOTP or FIDO2, yet. Currently the customer utilizes Office 365 E3 licenses for the end users and as the cloud strategy is not yet defined finally, he does not want to buy further "addon" licenses.


At present they have deployed basic MFA without Conditional Access. Is it possible to use any kind of hardware tokens without Azure AD Premium P1?


Thanks in advance.


Best regards,


3 Replies

@woelki Hello, how about the Authenticator app until the strategy is defined? I'm attaching a couple of links below for information about available versions of Azure Multi-Factor Authentication and their associated licenses.


Available versions of Azure Multi-Factor Authentication


What authentication and verification methods are available in Azure Active Directory? 


Enable passwordless sign-in with the Microsoft Authenticator app (preview)

Hi @woelki ,

You can benefit from programmable tokens - they act as drop-in replacement of Authenticator apps: 



Hi @Emin Huseynov,
thanks for the confirmation. I already know Token2, but I have not yet tested all tokens.
I already found the manual for the MFA registration with Azure AD Free.
It looks pretty forward for the most of us and it is a great idea just to ship the not marked device to the customers. But the impact on customer side is a bit bigger.