Forum Discussion
woelki (Iron Contributor)
Oct 12, 2020
License needed for MFA with hardware token?
Hi there,
a customer of ours wants to improve his MFA distribution. Therefore he wants to utilize hardware tokens, but there is no decision for TOTP or FIDO2 yet. Currently the customer utilizes Office 365 E3 licenses for the end users, and as the cloud strategy is not yet finally defined, he does not want to buy further "add-on" licenses.
At present they have deployed basic MFA without Conditional Access. Is it possible to use any kind of hardware tokens without Azure AD Premium P1?
Thanks in advance.
Best regards,
Christian
- Jeff_Birks (Copper Contributor)
It is possible for you to use a hardware token without a P1/P2 license provided you use a programmable token (such as the SafeID/Diamond token). Programmable tokens can act as direct replacements for the TOTP app option that is available for all users and can be programmed using the same QR codes used by the apps.
- Emin Huseynov (Brass Contributor)
Hi woelki,
You can benefit from programmable tokens - they act as a drop-in replacement for authenticator apps:
https://www.token2.swiss/shop/page/hardware-tokens-for-azure-cloud-multi-factor-authentication
- woelki (Iron Contributor)
Hi Emin Huseynov,
thanks for the confirmation. I already know Token2, but I have not yet tested all tokens.
I already found the manual for the MFA registration with Azure AD Free.
It looks pretty straightforward for most of us, and it is a great idea just to ship the unmarked device to the customers. But the impact on the customer side is a bit bigger.
- ChristianBergstrom (Silver Contributor)
woelki Hello, how about the Authenticator app until the strategy is defined? I'm attaching a couple of links below for information about available versions of Azure Multi-Factor Authentication and their associated licenses.
Available versions of Azure Multi-Factor Authentication
What authentication and verification methods are available in Azure Active Directory?
https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-methods
Enable passwordless sign-in with the Microsoft Authenticator app (preview)