Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Level 1 Contributor

Documentation says MFA for users is for free



I saw this "When these policies are enabled, each user will be able to utilize Azure MFA at no additional cost." sentense in this help page. I just confirmed it is working with one of our Sandbox's user and "End user protection" enabled but wanted to explicitly ask if that is OK to be applied on production too.


Best regards,



Hi @FikoIO


Yes, you can apply this to both your integration sandbox and your actual reseller tenant. Please note before you do this it is important to verify that any automation or integration you have has been updated to follow the Secure Application Model framework gudiance. This will ensure you do not encounter an issue when the policies are enabled. 

Level 3 Contributor



That page seems to be mentionning the "authenticator app", does that mean that SMS MFA is not an option via this policy?

Level 5 Contributor

@LukeMarlin, That is correct.  The Free MFA through the policy only includes the Authenticator app since Microsoft considers that to be the most secure option.  I've found that if I enable MFA at the user level using a licensed option, I still have access to SMS after applying the policy.  But that may change in the future.

Level 1 Contributor

Thank you for the reply @idwilliams ,


It seams the baseline policies are still in preview , do you konow when these are expected to be GA?