如何获取 Azure 多重身份验证How to get Azure Multi-Factor Authentication

如果想要保护帐户,应该在组织中标配双重验证。When it comes to protecting your accounts, two-step verification should be standard across your organization. 对资源拥有访问特权的帐户尤其需要此功能。This feature is especially important for accounts that have privileged access to resources. 为此,Microsoft 为 Office 365 和 Azure Active Directory (Azure AD) 管理员提供了基本的双重验证功能,无需额外费用。For this reason, Microsoft offers basic two-step verification features to Office 365 and Azure Active Directory (Azure AD) Administrators for no extra cost. 如果想要升级管理员的功能,或者将双重验证扩展到其他用户,可以用多种方式购买 Azure 多重身份验证。If you want to upgrade the features for your admins or extend two-step verification to the rest of your users, you can purchase Azure Multi-Factor Authentication in several ways.

Important

本文旨在指导用户如何以不同的方式购买 Azure 多重身份验证。This article is meant to be a guide to help you understand the different ways to buy Azure Multi-Factor Authentication. 有关定价和计费的具体详细信息,请始终参阅多重身份验证定价页For specific details about pricing and billing, you should always refer to the Multi-Factor Authentication pricing page.

可用的 Azure 多重身份验证版本Available versions of Azure Multi-Factor Authentication

下表介绍了多重身份验证的三个版本之间的差别:The following table describes the differences between three versions of multi-factor authentication:

版本Version 说明Description
适用于 Office 365 的多重身份验证Multi-Factor Authentication for Office 365
Microsoft 365 商业版Microsoft 365 Business
此版本专门与 Office 365 应用程序配合使用,可以从 Office 365 或 Microsoft 365 门户进行管理。This version works exclusively with Office 365 applications and is managed from the Office 365 or Microsoft 365 portal. 管理员可以使用双重验证来保护 Office 365 资源Administrators can secure Office 365 resources with two-step verification. 此版本是 Office 365 或 Microsoft 365 商业版订阅的一部分。This version is part of an Office 365 or Microsoft 365 Business subscription.
面向 Azure AD 管理员的多重身份验证Multi-Factor Authentication for Azure AD Administrators Azure AD 租户中被分配了 Azure AD 全局管理员角色的用户可以免费启用双重验证。Users assigned the Azure AD Global Administrator role in Azure AD tenants can enable two-step verification at no additional cost.

版本功能比较Feature comparison of versions

下表提供了 Azure 多重身份验证的各个版本中可用的功能列表。The following table provides a list of the features that are available in the various versions of Azure Multi-Factor Authentication.

Note

此比较表讨论了每个版本的多重身份验证的部分功能。This comparison table discusses the features that are part of each version of Multi-Factor Authentication. 如果拥有完整的 Azure 多重身份验证服务,某些功能可能不可用,具体取决于是否在云中使用 MFAIf you have the full Azure Multi-Factor Authentication service, some features may not be available depending on whether you use MFA in the cloud.

功能Feature 适用于 Office 365 的多重身份验证Multi-Factor Authentication for Office 365 面向 Azure AD 管理员的多重身份验证Multi-Factor Authentication for Azure AD Administrators Azure 多重身份验证Azure Multi-Factor Authentication
使用 MFA 保护 Azure AD 管理员帐户Protect Azure AD admin accounts with MFA ●(仅适用于 Azure AD 全局管理员帐户)● (Azure AD Global Administrator accounts only)
将移动应用用作第二个因素Mobile app as a second factor
将电话呼叫用作第二个因素Phone call as a second factor
将短信用作第二个因素SMS as a second factor
管理员控制验证方法Admin control over verification methods
PIN 模式PIN mode
通话的自定义问候语Custom greetings for phone calls
通话的自定义呼叫方 IDCustom caller ID for phone calls

如何为 Azure AD 管理员启用 Azure 多重身份验证How to turn on Azure Multi-Factor Authentication for Azure AD Administrators

Azure AD 租户中被分配了全局管理员角色的用户可以免费为其 Azure AD 全局管理员帐户启用双重验证。Users assigned the Global Administrator role in Azure AD tenants can enable two-step verification for their Azure AD Global Admin accounts at no additional cost. 如果使用的是 Microsoft 帐户,则可以使用 Microsoft 帐户支持文章关于双重验证中的指南注册多重身份验证。If you are using a Microsoft Account, you can register for multi-factor authentication using the guidance found in the Microsoft account support article, About two-step verification. 如果未使用 Microsoft 帐户,请使用文章如何对用户或组要求双重验证中的指南为全局管理员启用多重身份验证。If you are not using a Microsoft Account, turn on multi-factor authentication for Global Admins using the guidance found in the article How to require two-step verification for a user or group.

后续步骤Next steps