Skip to main content
Microsoft Security

Multifactor authentication in Azure AD

Use strong multifactor authentication (MFA) in Azure Active Directory (Azure AD) to help protect your organization against breaches due to lost or stolen credentials.
A person looking at a mobile phone

Strengthen security and reduce costs with Microsoft Entra

Hear Joy Chik, Microsoft Corporate Vice President for Identity, share the latest identity and access announcements in governance, workload identities, strong authentication, and new tools for upgrading from Active Directory Federation Services (AD FS) to Azure AD.

Help secure access to resources with multifactor authentication

Use stronger security than passwords alone

Long or complex passwords can be easily compromised in an identity attack. Get more protection with MFA.

Protect your users from credential theft

Make sure your credentials for high-risk accounts are resistant to phishing and channel jacking.

Secure your resources against unauthorized access

Verify user identities before granting access to your resources.

Ensure a seamless user experience

Reduce friction and simplify security to empower your users.

What is MFA?

Help protect your business from common identity attacks with one simple action.

Multifactor authentication methods in Azure AD

Use various MFA methods with Azure AD—such as texts, biometrics, and one-time passcodes—to meet your organization’s needs.

A hand holding a mobile phone displaying a request to approve sign-in in Microsoft Authenticator.

Microsoft Authenticator

Approve sign-ins from a mobile app using push notifications, biometrics, or one-time passcodes. Augment or replace passwords with two-step verification and boost the security of your accounts from your mobile device.

Two hands typing on a laptop.

FIDO2 security keys

Sign in without a username or password using an external USB, near-field communication (NFC), or other external security key that supports Fast Identity Online (FIDO) standards in place of a password.

A person wearing protective clothing and earplugs working in a server room.

Certificate-based authentication

Enforce phish-resistant MFA authentication using personal identity verification (PIV) and common access card (CAC). Azure AD users can authenticate using X.509 certificates on their smartcards or devices directly against Azure AD for browser and application sign-in.

Back to tabs

See what Azure AD customers are saying

Azure AD Multifactor Authentication

Choose the best Azure AD option for your business

  • Azure AD Free: The free edition of Azure AD is included with a subscription of a commercial online service such as Azure, Dynamics 365, Intune, and Power Platform.1
  • Azure AD Premium P1: Azure AD Premium P1, included with Microsoft 365 E3, offers a free 30-day trial. Azure and Office 365 subscribers can buy Azure AD Premium P1 online.
  • Azure AD Premium P2: Azure AD Premium P2, included with Microsoft 365 E5, offers a free 30-day trial. Azure and Office 365 subscribers can buy Azure Active Directory Premium P2 online.
  • Office 365: Additional Azure AD features are included with Office 365 E1, E3, E5, F1, and F3 subscriptions.2

Related Azure AD features

A person working in  a laptop.

Conditional access

Apply the right access controls to keep your organization more secure.

A person sitting a chair and working in laptop.

Single sign-on

Connect your workforce to all your apps, from any location, using any device.

A person sitting and watching the Laptop.

Azure AD Identity Protection

Automate detection and remediation of identity-based risks.

MFA documentation and training

Azure MFA adoption kit

Use this all-in-one guide to help you plan, test, and deploy Azure multifactor authentication in your organization.

Inform your organization

Roll out MFA using these customizable posters, emails, and other templated materials.

Use passwordless authentication

Make MFA more secure and convenient using new factors based on FIDO standards.

Webinar: Your Pa$$word Doesn't Matter

Learn about the major attacks on passwords and how passwords can play a role in these attacks.

Frequently asked questions

  • Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.

  • MFA works in Azure Active Directory by requiring two or more of the following authentication methods:

    • A password
    • A trusted device that's not easily duplicated, like a phone or hardware key
    • Biometrics like a fingerprint or face scan
  • Multifactor authentication is a capability of Azure Active Directory.

Protect everything

Make your future more secure. Explore your security options today.
  • [1] The free edition of Azure AD is included with a subscription of a commercial online service such as Azure, Dynamics 365, Intune, and Power Platform in countries where they are available for sale.
  • [2] Additional Azure AD features are included with Office 365 E1, E3, E5, F1, and F3 subscriptions in countries where they are available for sale.

Follow Microsoft