Also give Duo a try. From a configuration / maintenance standpoint you'll quickly see the advantage over Azure MFA.

@CptnCrnch, we did demo several 2FA/MFA's (Duo one of them) and found Azure more cost effective and easier to manage given our current Azure footprint along with our other system requirements.

I'm sure Duo will mature with Cisco owning since 2018 and might be a worth looking at again in the future, but for now......We're happy with Azure 🙂

Wow! I'm always hearing the "most cost effective" argument regarding Azure but you're the first one that seems to prefer the Azure management option. Congrats on that! 😉

Depends on your particular circumstances and requirements right? In our case DUO would have required another system to manage (broker) where as we don't need in Azure. Also, I'm saving $$$$ since our subscription already comes with MFA (P1/P2) so essentially saving money really.

Of course you can concentrate "only" on licensing costs. On the other hand, systems need management that imply cost too. Therefore I mentioned that "free of charge" with MS doesn't mean that the overall solution is really cheaper when having it in production. 😉

But hey: if you are happy with it, I'm happy tool 🙂

Hey Buddy,

We are using the same MFA! have you tried SMS or Call authentication? I've tried it but it won't work for me, we can only use MFA app for approval.

Hi @BaronCSE, yes we have it set to either of three choices based on user requirements, Text, MS APP or Token. Thankfully only have a few that wanted the Token, but still easy to setup. As far as you're question, under Azure AD/Security/Authentication Methods is where you create the policy. I manage the policies via AD Groups. Users have the option to use multiple such as Text and MS APP in case they require one or the other.