Multi-Factor Authentication

Users Service Settings

Click Here to open Service Settings

Navigate to Users / Per user MFA

app passwords

• Do not allow users to create app passwords to sign in to non-browser apps

trusted ips

• Use Trusted Networks / Conditional Access Polcies

verification options

• Methods available to users:
  • Recommend: Text message to phone
  • Recommend: Notification through mobile app
  • Recommend: Verification code from mobile app or hardware token

remember multi-factor authentication on trusted device

• Recommend using conditional access policies

Multi-Factor Authentication

Click Here to open MFA Settings blade

Account lockout

Account lockout

• Number of MFA denials to trigger account lockout
• Minutes until account lockout counter is reset
• Minutes until account is automatically unblocked

Block/unblock users

Fraud alert

Fraud alert

• Allow users to submit fraud alerts: On
• Automatically block users who report fraud On

Notifications

• Recipient's Email Address: Add in DL or email of team responsible

Phone call settings

• MFA caller ID number (US phone number only): Use a number associated with Company (like help desk)

• Everything else is for MFA Server

Click here to go to Authentication Methods Wiki for additional settings