Multi Factor Authentication

Looking for some info; pro's/cons as to enabling MFA on Office 365.
We are looking to push this out to Contractors and any experience of this would be appreciated.

Does it get enabled at a high level?  Can it be pushed out to single users?
How is it managed?
Darrin CrawfordAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
There are multitude of controls. In general you enable it on per-user basis, but you can also configure features such as conditional access to applications (for example, require everyone accessing SharePoint from outside of the company network to perform MFA validation). The only con is that requires you to educate your users properly, otherwise it can be a potential driver for more support calls. But the added security benefits are worth it.

Also, if you enable it for admin account, note that some of the PowerShell modules still dont support MFA, or require you to update to a newer version/change your login routine.

There's an extensive documentation on MFA available here:
(make sure to go over all the sections in the left navigation menu!)
Darrin CrawfordAuthor Commented:
So working through the documentation on a test environment.
Tested user logging in to web versions of office 365 and asks to setup  authentication by text message etc.
But it doesn't ask me for my 'normal' password?

Also then if I open any client, say Skype or Outlook, it allows me in.

Is there a further setup to do or is Office 365 not able to accommodate ?
Vasil Michev (MVP)Commented:
Password is asked beforehand, you will be presented with the MFA challenge (or setup process) only after successfully authenticating first. In scenarios where you are using AD FS or any other form of SSO, password might not be required at all. Best test from location outside of the corporate network, or use Private sessions.

Depending on the version of Office apps and protocols used (Modern authentication), you might not be presented with an authentication prompt for up to 90 days upon successful authentication.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.