We help IT Professionals succeed at work.

MFA in Azure for a hybrid org

Last Modified: 2017-04-10
Hello Experts,

I would like to get your thoughts about implementing MFA in Azure for a Hybrid Organization [Azure- AD on-prem].

Id like to see the options for two and three factor and understand if we can choose our own combinations (Captcha, Text to Phone, Alternate email).

Can you please provide a brief explanation of all my different choices, and a nice graph or pic of each representation ? Please, do not only attach MS links on how to deploy MFA, and a single copy/paste?

PROS and CONS of each model to be implemented? Any gotchas on each option?

Thanks in advance
Watch Question

Most Valuable Expert 2015
Distinguished Expert 2019

Two-factor is the maximum you can get, and users have control over which method to use with Azure MFA. With the on-prem version you get the option to control which method they can use, but you are still limited to two-factor, that's including any other AD FS based 2FAs.

The methods you can choose from are phone call, SMS or using the app (and using a token in the on-prem version, you can also use SMS+PIN). There are no built-in methods to use a captcha or email address, but you can use the API to create such if needed.
Distinguished Expert 2019
This problem has been solved!
(Unlock this solution with a 7-day Free Trial)