Office 365 E3 dual authentication advice

dougdog
dougdog used Ask the Experts™
on
Hi
Im looking to turn on multi factor authentication for 365 users
i'm after some advice
is the norm to switch this on for external site access only?
is the app the best method to use
how can i configure this for external access only etc
does this affect thick client apps like outlook etc?
best practice and best method to deploy
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2015
Distinguished Expert 2018
Commented:
The "norm" is defined by your needs. If you want to turn it on for specific situations only, such as external access, you either have to use Conditional access (https://docs.microsoft.com/en-us/azure/active-directory/active-directory-conditional-access) or control it via claims rules if you have AD FS in use. Including control based on the application. Review the article above and references therein for additional details.

The app is only available for smartphones, and requires internet connectivity, so it might not be the best fit for all situations. It's easy to use however, so most users prefer it. You can leave it to them to decide.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial