What is the difference between MFA via Microsoft Intune and via Office 365?

BLOG-1000070Earlier this week I described how to enable Multi Factor Authentication for Microsoft Intune via Office 365. In a (Twitter) conversation with EMS Technical Evangelist Simon May I learned that there are some differences between the MFA implementation for Microsoft Intune and Office 365.

Let’s have a look at what the differences are.

Before pointing out the differences let’s have a look at the features of Multifactor Authentication in both products in the Microsoft Enterprise Mobility Suite.

Office 365

In Office 365 you are able Multifactor Authentication per user, this means that after a user is enabled for MFA the user need to configure a contact method and optional application passwords. If MFA is enabled, it is then the primary logon method when logging into services of Office 365 and Microsoft Intune.

If you want to use Microsoft ActiveSync you can create an application password for this which allows you to get around Multi Factor Authentication.

Microsoft Intune

When using Microsoft Intune you are able to enable MFA from the Microsoft Intune console. See in the blog of Peter van der Woude how to enable MFA in Microsoft Intune. In Microsoft Intune MFA is only used while enrolling a Windows 8.1 or Windows Phone 8.1 device, after the device is enrolled all logon events are handled via username and passwords. When currently enrolling an other device no MFA is used.

To summarize see the table below for the currently supported features / ways of using MFA:

Subject Via Office 365 Via Microsoft Intune
Enrollment MFA MFA
Authentication to Company Portal MFA Username and Password
MFA enabled Per user (or batch) Global
MFA Supported iOS, Windows X, Windows Phone, Android Windows 8.1, Windows Phone 8.1


So both implementations are a bit different, if you have both Office 365 and Microsoft Intune you have a choice. If you have only Microsoft Intune and you want a higher level of security, you also might have a look at a blogpost of Nico Sienaert he adds MFA support via Microsoft Azure MFA.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Adding MFA to Microsoft Intune (hybrid scenario) the easy and cheap way

Next Post

Session resources SCCM User Group Hamburg

Related Posts