Today I was playing with my Office 365 subscription and I noticed that there is an option to enable the free Multi-Factor Authentication option. Office 365 has supported MFA since February this year. TechNet states that Multi-Factor Authentication for Office 365 (powered by Azure Multi-Factor Authentication) works exclusively with Office 365 applications and that it is managed from the Office 365 portal. But after enabling this option for one of my users, it was also enabled while logging on to the Microsoft Intune portal. Very logical if you ask me, since they share the same users.
Update: Since last week MFA is also available in Microsoft Intune. The only thing is that this option is only visible (in a different location) in Microsoft Intune standalone, not when you are using Configuration Manager 2012 R2 to manage your mobile devices. (Thanks Simon)
Let’s see how this works when using Microsoft Intune in a hybrid scenario.
To add MFA to Microsoft Intune the easy way, you need to have an Office 365 and a Microsoft Intune subscription on the same tenant. After logging on to the Office 365 Admin portal (https://portal.office.com), you see the option to Set up Multi-factor authentication in the users section.
Next you see all the synchronized users and the multi-factor auth status where you can enable the users for MFA.
Select the user and click Enable to turn on multi-factor auth for that user.
After this feature is enabled, the user is able to configure it and choose whether to receive a text message with a one-time password or an automated call.
Next you need to configure your mobile number, which is used to receive the text messages or calls. Your number needs to be verified before you are able to continue.
After this process is finished you are able to configure a special password that can be used for, for instance, ActiveSync or Outlook Anywhere. In this case we do not need to configure it since we will only be using it for Microsoft Intune 🙂
So after configuring MFA, it can be used to enroll the device into Microsoft Intune (or hybrid into Configuration Manager 2012 R2) or to access the apps via the Microsoft Intune Company Portal.
So when you have Office 365 and Microsoft Intune and you are using Microsoft Intune in a hybrid scenario, you can also use the MFA support in Office 365 for Microsoft Intune without needing to configure it in Microsoft Azure. Very nice if you ask me 🙂
As said, the MFA option is only available in a Microsoft Intune standalone scenario, not in a hybrid scenario.
Till next time!