Muli-Factor Authentication using Office 365 is widely used. MFA can be used for all the application that integrates with Office 365 services.
The first an foremost is to assign license to the users. The license can be
- MFA Stand-alone License
- MFA license that comes along with other services. License such as Enterprise Mobility + Security (E3)
- MFA Consumption based
There are 2 usage models,
- Per user based – This is based on number of license that you assigned to the user. If you have bought 100 E3 license, the billing is calculated only for the users who has this license assigned, not 100.
- Per Authentication – This is based on number of authentication
Type of usage
Office 365 services only – Once a license is assigned to the user, thats pretty much it. All we have to do is to enable MFA for the users and enforce it. MFA settings are completely controlled from Office 365 portal.
On-prem Azure MFA – This is a server installed on-prem and works with Office 365 MFA. This helps to make use of MFA for applications like Citrix. (Expect more applications in this list in future).
NPS extension for NPS servers – This is purely for Network policy server. To have MFA enabled for users who connects through NPS server, can make use of this extension.