We are starting to get prepared for MFA/2FA for our network but I am a little confused. We currently have an in house AD but we also have O365 with AD connect syncing our AD data to azure AD since we want a SSO for office and our email (we use exchange online).
I'm not sure if i am using the Azure AD MFA or if i need to use a third party. I've also heard that once you enable the MFA/2FA that your apps will now need some sort of app password or something?
We currently use windows 2012 R2 for our AD and it's in 2008 forest/domain mode.