Azure Multi-factor Authentication vs. MFA included with Office 365Alex Fields
I have previously described MFA for Office 365. It’s a great way to add an extra layer of security to your cloud-based applications. Here are the features included with MFA for Office 365:
- Administrators can protect accounts with MFA
- Mobile app as a second factor
- Phone call as a second factor
- SMS as a second factor
- App passwords for clients that don’t support MFA
- Remember MFA for trusted devices
If you want to take this even further–for example, by enabling multi-factor authentication for your on-premises applications, or by getting fraud alerts and other handy reporting, then you can consider moving into a full Azure MFA subscription. Here are the additional features you will get:
- Admin control over authentication methods
- PIN mode
- Fraud alert
- MFA Reports
- One-Time Bypass
- Custom greetings for phone calls
- Customization of caller ID for phone calls
- Event Confirmation
- Trusted IPs
- MFA for on-premises applications using MFA server
- MFA SDK
You can get started with the extra “bells and whistles” in one of three ways:
- Create a Multi-Factor Authentication Provider in the Azure portal and link it to your directory (you will be charged against your Azure subscription per user or per authentication–your choice)
- Purchase Azure MFA licensing separately
- Purchase Azure AD Premium or even the full boat of EMS Licensing–effectively bundling MFA together with a bunch of other cool features.
Unlike the MFA provider included with Office 365, there will be a little more elbow-grease required to get the full version running, especially if you intend to enable integration with your on-premises applications (e.g. Directory Synchronization with Azure AD Connect, single sign-on with ADFS, etc.).
Note that the on-premises portion of Azure MFA is not necessary for getting great benefits out of MFA for cloud-based applications. You can do plenty of cool things for apps in the Microsoft cloud and in third party clouds, without needing to setup an on-premises MFA server at all.
I am including links here to a few helpful resources. If you have any more questions or want to see additional info on this topic, do not hesitate to reach out and ask for help!
- Overview and feature comparison with Office 365/Azure-included version
- Q & A on Azure Multi-factor authentication
- Help me choose the MFA solution that is right for me (cloud vs. on-prem)
- How-to deploy Azure MFA (in the cloud)
- Configuring the extra “bells & whistles” for MFA (in the cloud)
- Set up an on-premises Azure MFA Server