Multi-factor authentication (MFA) and the eventual abandonment of password-based authentication is just around the corner. Of course MFA is available on many services right now, but saying goodbye to passwords is still a work in progress. The state of MFA with Microsoft isn’t scary at all, and it could be time to dip your toes into a more secure setup.

Microsoft, MFA and Biometrics

Microsoft has positioned itself pretty well as an identity provider that can leverage Windows Hello for biometric authentication, for both enterprise and consumer customers. There’s plenty of freely available documentation on how to achieve this, but it’s a big mindset and hardware change to have this available across your entire company.

Putting aside biometrics, Microsoft has a few nice, simple methods of MFA: SMS, Phone Call, and Authenticator App approval.

SMS most people already know – log in, receive an SMS code, enter the code and away you go.

The Phone Call option is similar, except you receive an automated call and press a button on your phone to continue with the login.

Lastly, the Authenticator App is the slowest for a user to set up, but the quickest to use day to day. A one-time setup requires the user to download the Microsoft Authenticator app from their mobile phone’s app store and point the phone at the screen to read a QR code, and they’re ready to go. From then on, they’ll just get an MFA notification via the app on their phone, which they can instantly approve without needing to type in any codes.

Enabling Microsoft MFA

If you’re a Microsoft customer and not using MFA, it’s quite easy to get started. Assuming you’re using Azure AD and have appropriate licensing, you could go off and just enable MFA for all your users through a nice big blue button. Don’t do this unless you REALLY want your entire userbase to use MFA all the time.

Some companies may need this. However, there’s another method that gives you much more control over the criteria for when MFA is needed or not: Conditional Access.