This is the Trace Id: e69e3e07dae47848d3d51cda2434188c
Skip to main content Why Microsoft Security AI-powered cybersecurity Cloud security Data security & governance Identity & network access Privacy & risk management Security for AI Unified SecOps Zero Trust Microsoft Defender Microsoft Entra Microsoft Intune Microsoft Priva Microsoft Purview Microsoft Sentinel Microsoft Security Copilot Microsoft Entra ID (Azure Active Directory) Microsoft Entra Agent ID Microsoft Entra External ID Microsoft Entra ID Governance Microsoft Entra ID Protection Microsoft Entra Internet Access Microsoft Entra Private Access Microsoft Entra Permissions Management Microsoft Entra Verified ID Microsoft Entra Workload ID Microsoft Entra Domain Services Azure Key Vault Microsoft Sentinel Microsoft Defender for Cloud Microsoft Defender XDR Microsoft Defender for Endpoint Microsoft Defender for Office 365 Microsoft Defender for Identity Microsoft Defender for Cloud Apps Microsoft Security Exposure Management Microsoft Defender Vulnerability Management Microsoft Defender Threat Intelligence Microsoft Defender Suite for Business Premium Microsoft Defender for Cloud Microsoft Defender Cloud Security Posture Mgmt Microsoft Defender External Attack Surface Management Azure Firewall Azure Web App Firewall Azure DDoS Protection GitHub Advanced Security Microsoft Defender for Endpoint Microsoft Defender XDR Microsoft Defender for Business Microsoft Intune core capabilities Microsoft Defender for IoT Microsoft Defender Vulnerability Management Microsoft Intune Advanced Analytics Microsoft Intune Endpoint Privilege Management Microsoft Intune Enterprise Application Management Microsoft Intune Remote Help Microsoft Cloud PKI Microsoft Purview Communication Compliance Microsoft Purview Compliance Manager Microsoft Purview Data Lifecycle Management Microsoft Purview eDiscovery Microsoft Purview Audit Microsoft Priva Risk Management Microsoft Priva Subject Rights Requests Microsoft Purview Data Governance Microsoft Purview Suite for Business Premium Microsoft Purview data security capabilities Pricing Services Partners Cybersecurity awareness Customer stories Security 101 Product trials How we protect Microsoft Industry recognition Microsoft Security Insider Microsoft Digital Defense Report Security Response Center Microsoft Security Blog Microsoft Security Events Microsoft Tech Community Documentation Technical Content Library Training & certifications Compliance Program for Microsoft Cloud Microsoft Trust Center Security Engineering Portal Service Trust Portal Microsoft Secure Future Initiative Business Solutions Hub Contact Sales Start free trial Microsoft Security Azure Dynamics 365 Microsoft 365 Microsoft Teams Windows 365 Microsoft AI Azure Space Mixed reality Microsoft HoloLens Microsoft Viva Quantum computing Sustainability Education Automotive Financial services Government Healthcare Manufacturing Retail Find a partner Become a partner Partner Network Microsoft Marketplace Marketplace Rewards Software development companies Blog Microsoft Advertising Developer Center Documentation Events Licensing Microsoft Learn Microsoft Research View Sitemap
MULTIFACTOR AUTHENTICATION (MFA) FOR BUSINESS

Secure user access with MFA in Microsoft Entra ID

Bad actors don’t break in, they log in. Help protect your organization from identity breaches with strong multi-factor authentication capabilities built into Microsoft Entra ID.
Try Entra ID for free
Biometric security icons surrounding a fingerprint lock
OVERVIEW

Explore how MFA helps reduce the risk of identity breaches

  • Reduce the risk of password compromise and identity attacks with an extra layer of protection.
    A person sitting at a desk using a laptop.
  • Safeguard high-risk accounts from phishing, password spray, breach replay, and other common threats.
    A person sitting at a desk using a laptop.
  • Ensure only verified users can access sensitive apps and data.
    A person holding a tablet.
  • Balance security with usability by minimizing friction during sign-in.
    Two people collaborating at a table using a laptop with a digital interface overlay
IMPACT

Why MFA matters

In a world of constant cyberthreats, MFA can significantly reduce risk to your organization by securing identity access and helping you meet compliance requirements.
600 million Identity attacks per day 1 Person working on a laptop in a modern office setting 97% Percentage of identity attacks that are password spray or brute force 2 99% Percentage of unauthorized access attempts that MFA blocks 3
HOW IT WORKS
Discover the MFA methods built into Microsoft Entra ID
Microsoft Entra ID enables various MFA methods such as texts, biometrics one-time passcodes to help protect your users from identity cyberattacks.
01
Microsoft Authenticator
02
FIDO2 security keys
03
Certificate-based authentication
04
Windows Hello for Business
Use your mobile device to approve sign-ins using push notifications, biometrics, or one-time passcodes, and augment or replace passwords with two-step verification.
Learn more
A screenshot of a computer and a phone on a white background with black text.
Back to tabs
PLANS AND PRICING

Start implementing MFA with a Microsoft Entra ID plan today

Microsoft Entra ID Free

Multifactor authentication capabilities are included in the free version of Microsoft Entra ID.
Free
User/month
Sign in with your Microsoft account Create a free Azure account
  • Microsoft Entra ID Free is included with Microsoft Azure, Microsoft 365, and other Microsoft cloud subscriptions.5
  • Support multifactor authentication, unlimited SSO across any SaaS app, basic reports, and self-service password change for cloud users.
  • Manage users and groups in the cloud.
  • Sync your on-premises directory with Microsoft Entra ID.
  • Passwordless authentication

Microsoft Entra ID P1

Secure access with a leading cloud identity and access management solution that includes advanced MFA.
$6.00
user/month, paid yearly
(Annual subscription—auto renews)4
Buy now Try free for 30 days
  • Includes all capabilities in Microsoft Entra ID Free plus:
  • Authentication, single sign-on, and application access
  • Multifactor authentication
  • Employee self-service
  • Administration and hybrid identity
  • Passwordless authentication
  • Conditional access
  • Event logging and reporting
  • Advanced security and usage reports
  • Verifiable credentials issuance and verification
     

Microsoft Entra ID P2

Get comprehensive identity protection, risk detection, and adaptive and privileged access controls.
$9.00
user/month, paid yearly
(Annual subscription—auto renews)4
Try free for 30 days Contact Sales
  • Includes all capabilities in Microsoft Entra ID P1 plus:
  • Microsoft Entra ID Protection
  • Risk-based conditional access
  • Privileged identity management
  • Basic entitlement management
  • Basic access reviews
Learn more about Microsoft Entra ID
CUSTOMER STORIES

See why more than 720,000 organizations use Microsoft Entra ID for MFA

  1. Banco Do Brasil Logo
  2. AON Logo
  3. Nationwide Logo
People seated around a table in a bright workspace, engaged in discussion
Banco Do Brasil Logo
"I’d [like to] highlight the authentication aspect. Microsoft Entra through Windows Hello for Business ... has improved the user experience.”
Ricardo Rocha Pires, IT Infrastructure Specialist
People seated around a table in a bright workspace, engaged in discussion
AON Logo
By migrating data to Azure SQL Managed Instance and Azure SQL Database, Aon moved away from an on-prem password-based authentication process and adopted a passwordless model using managed identities and Microsoft Entra.
A close-up of a bank ATM machine with a blue sign displaying white text including Nationwide and A good way to bank.
Nationwide Logo
“We … [are] building up our data loss prevention capability with the security tooling of Microsoft E5, alongside security perimeter controls like MFA.”
Jonathan Murray, Technology for Colleagues Lead
Back to carousel navigation controls
RESOURCES

Dive deeper into MFA

  1.
A person sitting at a table using a laptop and holding a phone.
Deployment guide

Plan your rollout with an MFA deployment guide

Explore prerequisites, authentication methods, and common policies for Microsoft Entra MFA.
Get the deployment guide
A laptop on a stand with a person in a green shirt visible in the background.
Video

Learn about phishing-resistant MFA with synced passkeys in Microsoft Entra

Securely sign in across all your devices without relying on passwords or extra apps.
Watch the video
A person in a green jacket looking at a phone.
Documentation

Get phishing-resistant passwordless authentication

Minimize password theft with the strongest authentication method available in the marketplace.
Read more
A man and woman smiling.
Blog

Learn why your password doesn’t matter

Delve into the role passwords play in major cyberattacks—and how MFA can stop them.
Read the blog
A close-up of a person wearing a suit and tie.
Documentation

Use MFA to deter cyberattacks

Find out more about the effectiveness of MFA and how it protects your accounts from unauthorized access.
Get the report
A woman with long hair sitting at a table with a laptop.
Documentation

Create, configure, and test your MFA policy

Find out how to enable and use Microsoft Entra MFA with Conditional Access policies.
Learn more
A person sitting at a table looking at their phone.
Documentation

Provide a more secure way to authenticate

Secure Active Directory Federation Services (AD FS) resources, both on-premises and in the cloud.
Learn more
Back to carousel navigation controls

Frequently asked questions

  • Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.
  • Microsoft Entra ID has MFA capabilities built in that help organizations secure access to vital systems. MFA does this by requiring two or more of the following authentication methods:
     
    • Something you know, such as a password
    • Something you have, such as a trusted phone or hardware key
    • Something you are (biometrics), such as a fingerprint or face scan
     
  • Yes. MFA features are available to Microsoft 365 users at no extra cost. Microsoft 365 E3 includes Microsoft Entra ID P1, and E5 includes Microsoft Entra ID P2, which offer advanced MFA capabilities with Conditional Access for more granular control.
  • Microsoft Entra ID’s MFA capabilities support Microsoft Authenticator (with push notifications, passwordless sign-in, and biometrics), passkeys (FIDO2), certificate-based authentication, OATH tokens (hardware and software), SMS text messages, voice calls, and email verification.
  • Yes. Microsoft Entra ID supports passwordless authentication including Windows Hello for Business, passkeys (FIDO2 security keys), Microsoft Authenticator app, and Platform Credential for macOS. These methods are more secure and convenient, removing passwords while using something you have (device) plus something you know or are (PIN or biometrics).
  • No. MFA is included in your Microsoft 365 subscription as a capability of Entra ID. Microsoft 365 E3 includes Entra ID P1, and E5 includes Entra ID P2—both provide MFA at no additional cost. You can use security defaults for basic MFA or Conditional Access policies for advanced MFA control without purchasing separate licenses.
  • Set up MFA using Conditional Access policies (this requires Entra ID P1 or Entra ID P2) or security defaults (available in Entra ID Free). Sign in to the Microsoft Entra admin center to get started and check out the deployment guide for details.
Person seated on a sofa using a tablet in a minimalist indoor setting
Get started

Get started with Microsoft Entra ID

Strengthen your security with the MFA capabilities built into Microsoft Entra ID.
Try Entra ID for free Contact Sales
  1. [1]
    Microsoft Digital Defense Report 2024 (Microsoft, October 2024).

    Read the report
  2. [2]
    Microsoft Digital Defense Report 2025 (Microsoft, October 2025).

    Read the report
  3. [3]
    Microsoft Digital Defense Report 2025 (Microsoft, October 2025).

    Read the report
  4. [4]
    Once your paid subscription begins, you have a 7-day cancellation window to receive a prorated refund, only paying for what you use. You may cancel your subscription at any time in the Microsoft 365 admin center. Learn how to cancel your Microsoft 365 subscription. When a subscription is canceled, all associated data will be deleted. Learn more about data retention, deletion, and destruction in Microsoft 365.
  5. [5]
    The free edition of Microsoft Entra ID is included with a subscription of a commercial online service such as Microsoft Azure, Microsoft Dynamics 365, Microsoft Intune, Microsoft Power Platform, and others in countries where they are available for sale.

Follow Microsoft Security

Surface Pro Surface Laptop Surface Laptop Studio 2 Copilot for organizations Copilot for personal use AI in Windows Explore Microsoft products Windows 11 apps Account profile Download Center Microsoft Store support Returns Order tracking Certified Refurbished Microsoft Store Promise Flexible Payments Microsoft in education Devices for education Microsoft Teams for Education Microsoft 365 Education How to buy for your school Educator training and development Deals for students and parents AI for education
Microsoft AI Microsoft Security Dynamics 365 Microsoft 365 Microsoft Power Platform Microsoft Teams Microsoft 365 Copilot Small Business Azure Microsoft Developer Microsoft Learn Support for AI marketplace apps Microsoft Tech Community Microsoft Marketplace Marketplace Rewards Visual Studio Careers About Microsoft Company news Privacy at Microsoft Investors Diversity and inclusion Accessibility Sustainability
English (United States) Consumer Health Privacy Sitemap Contact Microsoft Privacy Manage cookies Terms of use Trademarks Safety & eco Recycling About our ads