Office 365 Multi-Factor Authentication with Microsoft Azure Active Directory

Editor’s note: The following post was written by Office 365 MVP Nuno Árias Silva.

Office 365 with Microsoft Azure Active Directory is an enterprise-level identity and access management cloud solution. Office 365 with Microsoft Azure Active Directory Premium, built on top of the core offering of Azure AD, provides a robust set of capabilities to empower enterprises with more demanding needs on identity and access management. In this article will show the features of the integration of Office 365 with this premium offering with Multi-factor authentication.


Multi-factor authentication increases the security of user logins when sign in for cloud in traditional scenario with just a user and a password. With Multi-Factor Authentication, users are required to acknowledge a phone call, text message, or an app notification on their smartphone after correctly entering their password. Only after this second authentication factor has been satisfied can a user sign in.


The advantages of using Azure Multi-factor authentication are:

  • More security, fewer hoops
  • Real-time monitoring and alerts
  • Deploy it on-premises or in the cloud
  • Works with Office 365, Salesforce and more
  • More protection for Azure administrators
  • Build it into your applications


The main differences between Multi-Factor Authentication for Office 365 compared to Microsoft Azure MFA are:


Multi-Factor Authentication
for Office 365

Microsoft Azure Multi-Factor Authentication

Administrators can Enable/Enforce MFA to end-users



Use Mobile app (online and OTP) as second authentication factor



Use Phone call as second authentication factor



Use SMS as second authentication factor



App passwords for non-browser clients (e.g., Outlook, Lync)



Default Microsoft greetings during authentication phone calls



Remember Me (Public Preview coming in June)



IP Whitelist (currently in Public Preview)



Custom greetings during authentication phone calls



Fraud alert



Event Confirmation



Security Reports



Block/Unblock Users



One-Time Bypass



Customizable caller ID for authentication phone calls



MFA Server – MFA for on-premises applications



MFA SDK – MFA for custom apps




How to configure and enable Azure Multifactor authentication on Office 365

The first steps to configure are:


  1. Sign-up for Azure subscription
    1. The first step is to sign-up for an Azure subscription. If you already have an Azure subscription, skip to the next step.
    2. Create a Multi-Factor Auth Provider
      1. In the Azure Management Portal create a Multi-Factor Auth Provider.
      2. Enable Multi-Factor Authentication on your users
        1. To enable Multi-Factor Authentication on your Office 365 users see
        2. Send email to end users to notify them about MFA
          1. For an example email template see
          2. Have a user sign-in and complete the registration process
            1. To sign-in the first time and complete the registration process see
            2. Configure app passwords for non-browser apps (such as …Outlook etc.).
              1. To configure app passwords see


For advanced settings such as fraud alert, one-time bypass, and configuring your own customized voice messages see


After you have configured Multi-Factor Authentication on Azure integrated to Office 365 you can sign-in to Azure Portal and select Manage.




Here you can see some functions that are available.























After all these steps configured your organization is ready to leverage security with advanced features of Azure Multi-Factor Authentication


Azure Multi-Factor Authentication (Azure MFA) helps reduce organizational risk and enable regulatory compliance by providing an extra layer of authentication in addition to a user’s account credentials. For that purpose, it leverages for additional authentication a convenient form factor that the users already have (and care about): their phone. During sign in, users must also authenticate using the mobile app or by responding to an automated phone call or text message before access is granted. An attacker would need to know the user’s password and have in their possession of the user’s phone to sign in.  As a solution for both cloud-based and on-premises applications.

Multi-factor authentication is becoming the new standard for securing access and how businesses ensure trust in a multi-device, mobile, cloud world.

Final Note:

Microsoft is currently in the process of updating the Office 2013 client applications to support Multi-Factor Authentication through the use of the Active Directory Authentication Library (ADAL). These updates will be coming to various Office 2013 clients over the next serveral months.

This will mean that once these updates are available, app passwords will no longer be required for Office 2013 clients. However, until these updates are available, app passwords will still be required.

Currently the following Office 2013 clients no longer require the use of app passwords:

• Office 2013 for IOS

• Office 2013 for OS X


Introduction to ADAL based authentication


The ADAL based authentication stack enables the Office 2013 clients to engage in browser-based authentication (also known as passive authentication) where the user is directed to a web page from the identity provider to authenticate.

For additional information on these updates see: Office 2013 updated authentication enabling Multi-Factor Authentication and SAML identity providers here -


Support Links:


Azure Multi-Factor Authentication



Securing access to cloud services - Information for Administrators



Azure Active Directory Editions



About the author

Nuno is a Manager at Capgemini Portugal - Microsoft Solutions Architect - MVP Office 365 at Capgemini (Microsoft Gold Partner) for Microsoft Office 365, Exchange, Private Cloud, Infrastructure, Active Directory, SQL and Auditing Microsoft Products, support at pre-sales and sales areas.  Specialist in Office 365, with a focus on Exchange, Virtualization, Azure and System Center: With more than 17 years’ experience in Datacenter Architectures, with Master in Information Technologies, Nuno has 30+ certifications (MCSE, MCITP, MCSA and MCTS among others). Experience in enterprise environments: He has worked several industries, including Aerospace, Transportation, Energy, Manufacturing, Financial Services, Government, Health Care, Telecoms and IT Services, Gas-Oil Company in different countries and continents. Assisted Microsoft in the development of workshops and special events and case studies, and as a speaker at several Microsoft events. Contributes with several articles and publications in various blogs and communities.  Follow him on Twitter @nunoariassilva 

About MVP Monday

The MVP Monday Series is created by Melissa Travers. In this series we work to provide readers with a guest post from an MVP every Monday. Melissa is a Community Program Manager, formerly known as MVP Lead, for Messaging and Collaboration (Exchange, Lync, Office 365 and SharePoint) and Microsoft Dynamics in the US. She began her career at Microsoft as an Exchange Support Engineer and has been working with the technical community in some capacity for almost a decade. In her spare time she enjoys going to the gym, shopping for handbags, watching period and fantasy dramas, and spending time with her children and miniature Dachshund. Melissa lives in North Carolina and works out of the Microsoft Charlotte office.





Comments (2)
  1. Alan Burchill says:

    Is it possible to enable MFA for specific cloud authentication services? or is it on globally for all users?

  2. Divya says:

    I think it is the best move to move to Office 365, see what customer and partners are doing  and also Office 365 team is doing great job …just follow this link and watch this video it is part of a weekly education series presented and delivered by Office 365 team and partners – watch this video to learn more about the Office 365 roadmap. Learn more and join the conversation in the Yammer Office 365 community. Simply sign up at

Comments are closed.

Skip to main content