This is the Trace Id: d9a0871ceea2f92cb094dcc146bd4f5b
Skip to main content
Microsoft Security
MULTIFACTOR AUTHENTICATION (MFA) FOR BUSINESS

Secure user access with MFA in Microsoft Entra ID

Bad actors don’t break in, they log in. Help protect your organization from identity breaches with strong multi-factor authentication capabilities built into Microsoft Entra ID.
Try Entra ID for free
Biometric security icons surrounding a fingerprint lock
OVERVIEW

Explore how MFA helps reduce the risk of identity breaches

  • Reduce the risk of password compromise and identity attacks with an extra layer of protection.
    A person sitting at a desk using a laptop.
  • Safeguard high-risk accounts from phishing, password spray, breach replay, and other common threats.
    A person sitting at a desk using a laptop.
  • Ensure only verified users can access sensitive apps and data.
    A person holding a tablet.
  • Balance security with usability by minimizing friction during sign-in.
    Two people collaborating at a table using a laptop with a digital interface overlay
IMPACT

Why MFA matters

In a world of constant cyberthreats, MFA can significantly reduce risk to your organization by securing identity access and helping you meet compliance requirements.
600 million Identity attacks per day 1 Person working on a laptop in a modern office setting 97% Percentage of identity attacks that are password spray or brute force 2 99% Percentage of unauthorized access attempts that MFA blocks 3
HOW IT WORKS
Discover the MFA methods built into Microsoft Entra ID
Microsoft Entra ID enables various MFA methods such as texts, biometrics one-time passcodes to help protect your users from identity cyberattacks.
01
Microsoft Authenticator
02
FIDO2 security keys
03
Certificate-based authentication
04
Windows Hello for Business
Use your mobile device to approve sign-ins using push notifications, biometrics, or one-time passcodes, and augment or replace passwords with two-step verification.
Learn more
A screenshot of a computer and a phone on a white background with black text.
Back to tabs
PLANS AND PRICING

Start implementing MFA with a Microsoft Entra ID plan today

Microsoft Entra ID Free

Multifactor authentication capabilities are included in the free version of Microsoft Entra ID.
Free
User/month
Sign in with your Microsoft account Create a free Azure account
  • Microsoft Entra ID Free is included with Microsoft Azure, Microsoft 365, and other Microsoft cloud subscriptions.5
  • Support multifactor authentication, unlimited SSO across any SaaS app, basic reports, and self-service password change for cloud users.
  • Manage users and groups in the cloud.
  • Sync your on-premises directory with Microsoft Entra ID.
  • Passwordless authentication

Microsoft Entra ID P1

Secure access with a leading cloud identity and access management solution that includes advanced MFA.
$6.00
user/month, paid yearly
(Annual subscription—auto renews)4
Buy now Try free for 30 days
  • Includes all capabilities in Microsoft Entra ID Free plus:
  • Authentication, single sign-on, and application access
  • Multifactor authentication
  • Employee self-service
  • Administration and hybrid identity
  • Passwordless authentication
  • Conditional access
  • Event logging and reporting
  • Advanced security and usage reports
  • Verifiable credentials issuance and verification
     

Microsoft Entra ID P2

Get comprehensive identity protection, risk detection, and adaptive and privileged access controls.
$9.00
user/month, paid yearly
(Annual subscription—auto renews)4
Try free for 30 days Contact Sales
  • Includes all capabilities in Microsoft Entra ID P1 plus:
  • Microsoft Entra ID Protection
  • Risk-based conditional access
  • Privileged identity management
  • Basic entitlement management
  • Basic access reviews
Learn more about Microsoft Entra ID
CUSTOMER STORIES

See why more than 720,000 organizations use Microsoft Entra ID for MFA

  1. Banco Do Brasil Logo
  2. AON Logo
  3. Nationwide Logo
People seated around a table in a bright workspace, engaged in discussion
Banco Do Brasil Logo
"I’d [like to] highlight the authentication aspect. Microsoft Entra through Windows Hello for Business ... has improved the user experience.”
Ricardo Rocha Pires, IT Infrastructure Specialist
People seated around a table in a bright workspace, engaged in discussion
AON Logo
By migrating data to Azure SQL Managed Instance and Azure SQL Database, Aon moved away from an on-prem password-based authentication process and adopted a passwordless model using managed identities and Microsoft Entra.
A close-up of a bank ATM machine with a blue sign displaying white text including Nationwide and A good way to bank.
Nationwide Logo
“We … [are] building up our data loss prevention capability with the security tooling of Microsoft E5, alongside security perimeter controls like MFA.”
Jonathan Murray, Technology for Colleagues Lead
Back to carousel navigation controls
RESOURCES

Dive deeper into MFA

  1.
A person sitting at a table using a laptop and holding a phone.
Deployment guide

Plan your rollout with an MFA deployment guide

Explore prerequisites, authentication methods, and common policies for Microsoft Entra MFA.
Get the deployment guide
A laptop on a stand with a person in a green shirt visible in the background.
Video

Learn about phishing-resistant MFA with synced passkeys in Microsoft Entra

Securely sign in across all your devices without relying on passwords or extra apps.
Watch the video
A person in a green jacket looking at a phone.
Documentation

Get phishing-resistant passwordless authentication

Minimize password theft with the strongest authentication method available in the marketplace.
Read more
A man and woman smiling.
Blog

Learn why your password doesn’t matter

Delve into the role passwords play in major cyberattacks—and how MFA can stop them.
Read the blog
A close-up of a person wearing a suit and tie.
Documentation

Use MFA to deter cyberattacks

Find out more about the effectiveness of MFA and how it protects your accounts from unauthorized access.
Get the report
A woman with long hair sitting at a table with a laptop.
Documentation

Create, configure, and test your MFA policy

Find out how to enable and use Microsoft Entra MFA with Conditional Access policies.
Learn more
A person sitting at a table looking at their phone.
Documentation

Provide a more secure way to authenticate

Secure Active Directory Federation Services (AD FS) resources, both on-premises and in the cloud.
Learn more
Back to carousel navigation controls

Frequently asked questions

  • Multifactor authentication (MFA) adds a layer of protection to the sign-in process. When accessing accounts or apps, users provide additional identity verification, such as scanning a fingerprint or entering a code received by phone.
  • Microsoft Entra ID has MFA capabilities built in that help organizations secure access to vital systems. MFA does this by requiring two or more of the following authentication methods:
     
    • Something you know, such as a password
    • Something you have, such as a trusted phone or hardware key
    • Something you are (biometrics), such as a fingerprint or face scan
     
  • Yes. MFA features are available to Microsoft 365 users at no extra cost. Microsoft 365 E3 includes Microsoft Entra ID P1, and E5 includes Microsoft Entra ID P2, which offer advanced MFA capabilities with Conditional Access for more granular control.
  • Microsoft Entra ID’s MFA capabilities support Microsoft Authenticator (with push notifications, passwordless sign-in, and biometrics), passkeys (FIDO2), certificate-based authentication, OATH tokens (hardware and software), SMS text messages, voice calls, and email verification.
  • Yes. Microsoft Entra ID supports passwordless authentication including Windows Hello for Business, passkeys (FIDO2 security keys), Microsoft Authenticator app, and Platform Credential for macOS. These methods are more secure and convenient, removing passwords while using something you have (device) plus something you know or are (PIN or biometrics).
  • No. MFA is included in your Microsoft 365 subscription as a capability of Entra ID. Microsoft 365 E3 includes Entra ID P1, and E5 includes Entra ID P2—both provide MFA at no additional cost. You can use security defaults for basic MFA or Conditional Access policies for advanced MFA control without purchasing separate licenses.
  • Set up MFA using Conditional Access policies (this requires Entra ID P1 or Entra ID P2) or security defaults (available in Entra ID Free). Sign in to the Microsoft Entra admin center to get started and check out the deployment guide for details.
Person seated on a sofa using a tablet in a minimalist indoor setting
Get started

Get started with Microsoft Entra ID

Strengthen your security with the MFA capabilities built into Microsoft Entra ID.
Try Entra ID for free Contact Sales
  1. [1]
    Microsoft Digital Defense Report 2024 (Microsoft, October 2024).

    Read the report
  2. [2]
    Microsoft Digital Defense Report 2025 (Microsoft, October 2025).

    Read the report
  3. [3]
    Microsoft Digital Defense Report 2025 (Microsoft, October 2025).

    Read the report
  4. [4]
    Once your paid subscription begins, you have a 7-day cancellation window to receive a prorated refund, only paying for what you use. You may cancel your subscription at any time in the Microsoft 365 admin center. Learn how to cancel your Microsoft 365 subscription. When a subscription is canceled, all associated data will be deleted. Learn more about data retention, deletion, and destruction in Microsoft 365.
  5. [5]
    The free edition of Microsoft Entra ID is included with a subscription of a commercial online service such as Microsoft Azure, Microsoft Dynamics 365, Microsoft Intune, Microsoft Power Platform, and others in countries where they are available for sale.

Follow Microsoft Security