I have 150 users, all licensed with Office 365 E3. We do not have any Microsoft 365 or premium AD (P1 or P2).
I'm trying to gain a thorough understanding of exactly how basic MFA works with the free AAD that is provided with O365 E3. Trying to sell a separate AAD P1 or upgrade to M365 E3 will be tough with my management, but we need to implement at least some level of MFA.
I've looked pretty thoroughly at Microsoft's documentation and see plenty of info about Conditional Access in P1 or P2, but can't really find anything definitive about exactly what triggers an MFA challenge when basic MFA is in place.
Can someone point me to a detailed explanation of how basic MFA works? Thanks!