Secure access to resources with multifactor authentication

Help protect your organization against breaches due to lost or stolen credentials with strong authentication. Secure any app with just one step.

Safeguard your organization with a seamless identity solution

What is multifactor authentication?

Multifactor authentication adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.

Why use multifactor authentication?

A person using a mobile phone.
  • It’s more secure than passwords

    In most identity attacks, it doesn’t matter how long or complex your passwords are.

A person sitting in a chair using a computer.
  • Some types of multifactor authentication are stronger than others

    Make sure your credentials for high-risk accounts are resistant to phishing and channel jacking.

A person sitting down using a mobile phone.
  • Passwords are making you vulnerable

    Protect your business from common identity attacks with one simple action.

Multifactor authentication in Azure AD

Azure AD offers a broad range of flexible multifactor authentication methods—such as texts, calls, biometrics, and one-time passcodes—to meet the unique needs of your organization and help keep your users protected.

Azure AD multifactor authentication helps safeguard access to data and apps while maintaining simplicity for users. It provides additional security by requiring a second form of verification and delivers strong authentication through a range of easy-to-use validation methods.

Choose the right technology

Azure AD multifactor authentication works by requiring two or more verification methods.

Microsoft Authenticator

Approve sign-ins from a mobile app using push notifications, biometrics, or one-time passcodes. Augment or replace passwords with two-step verification and boost the security of your accounts from your mobile device.

Windows Hello for Business

Replace your passwords with strong two-factor authentication on Windows 10 devices. Use a credential tied to your device along with a PIN, a fingerprint, or facial recognition to protect your accounts.

FIDO2 security keys

Sign in without a username or password using an external USB, near-field communication (NFC), or other external security key that supports Fast Identity Online (FIDO) standards in place of a password.

Hardware tokens

Automatically generate a one-time password (OTP) based on open authentication (OATH) standards from a physical device.

Software tokens

Use the Microsoft Authenticator app or other apps to generate an OATH verification code as a second form of authentication.

SMS and voice

Receive a code on your mobile phone via SMS or voice call to augment your password security.

Take a deep dive into Azure AD multifactor authentication solutions

Additional resources

Get the Azure multifactor authentication adoption kit

Use this all-in-one guide to help you plan, test, and deploy Azure multifactor authentication in your organization.

Try passwordless

Passwordless authentication can make multifactor authentication more secure and convenient using new factors based on FIDO standards.

Inform your organization

Roll out multifactor authentication using these customizable posters, emails, and other templated materials.

Your Pa$$word doesn't matter

Find out what the major attacks on passwords are and how the password itself factors into the equation.

Safeguard your organization with a seamless identity solution