MFA Settings

Configure Multi-Factor Authentication methods, policies, and enforcement settings across your organization.

Authentication Methods

Method	Security Level	User Experience
Microsoft Authenticator	High	Push notification or number matching
FIDO2 Security Keys	Very High	Passwordless hardware key
Windows Hello	Very High	Biometric or PIN
SMS	Medium	Text message code
Voice Call	Medium	Phone call verification
Email OTP	Medium	One-time code via email

Per-User MFA vs Conditional Access

Per-user MFA — Legacy approach, enabled per individual user
Conditional Access — Recommended approach, policy-based MFA enforcement

Settings

Default method — Preferred authentication method for users
Registration enforcement — Require MFA registration by deadline
Number matching — Required for Authenticator push notifications
Fraud alerts — Allow users to report suspicious MFA prompts

API Reference

GET /api/security/mfa/settings — Get MFA settings
PUT /api/security/mfa/settings — Update MFA settings
GET /api/security/mfa/methods — List enabled methods

Last updated on February 13, 2026

Conditional Access MFA Status