MFA for O365 only when in the office

pspecht · ‎03-17-2022

Im researching MFA for our O365 apps.

I want to verify some things.

We currently have MS Microsoft 365 Business Standard, and the Duo Access plan.

We have on prem AD and hybrid Exchange. Ad is sync’d to MS365.

We are looking at MFA only when users are not in the office.

From what I interpret in researching, we will need a P1 or P2 license, or is it just Microsoft 365 Business Premium? Im not 100% with MS changing the licensing names.
The upgrade will give me Azure AD Premium.
Then we will be able to use conditional access to achieve the MFA only when out of the office

Then I can follow this Microsoft Azure Active Directory | Duo Security

Is this how I should understand this?

william.smith · ‎03-18-2022

In the policy under Authorized networks you can allow access without 2FA based on IP.

Amy2 · ‎03-21-2022

Hi @ughitsthatguy, welcome to the Duo Community! Thanks for sharing your question here. You are correct that in order to use Duo with Microsoft Azure Active Directory Conditional Access policies, you will need a subscription to Azure AD P1 or better. More information can be found in the article here: Which Azure and Duo subscription plans can use Duo MFA for Conditional Access?

As @william.smith points out though, if you’re just looking for options to require Duo authentication or block access entirely on a per-network basis, you can do this through the Duo authorized networks policy and use a different Duo integration to protect Office 365 that doesn’t require a premium subscription. You do not need an Azure subscription if you protect Office 365 via AD FS or Duo Single Sign-On (SSO) for example.

ETA: You may want to speak to a Duo sales team member if you are not already, as they can provide some more helpful guidance and walk you through things a bit more!