适用于你的组织的 Azure 多重身份验证概述Overview of Azure Multi-Factor Authentication for your organization

可以通过多种方式基于你的组织拥有的许可证为 Azure Active Directory (AD) 用户启用 Azure 多重身份验证。There are multiple ways to enable Azure Multi-Factor Authentication for your Azure Active Directory (AD) users based on the licenses that your organization owns.

调查信号并根据需要强制实施 MFA

根据我们的调查,如果你使用多重身份验证 (MFA),有 99.9% 以上的概率可以避免你的帐户遭到入侵。Based on our studies, your account is more than 99.9% less likely to be compromised if you use multi-factor authentication (MFA).

那么,为避免遭到入侵,组织应如何免费启用 MFA 呢?So how does your organization turn on MFA even for free, before becoming a statistic?

免费选项Free option

利用 Azure AD 免费权益的客户可以使用安全默认值在其环境中启用多重身份验证。Customers who are utilizing the free benefits of Azure AD can use security defaults to enable multi-factor authentication in their environment.

Microsoft 365 商业版、E3 或 E5Microsoft 365 Business, E3, or E5

使用 Microsoft 365 的客户可以使用两个选项:For customers with Microsoft 365, there are two options:

  • 针对所有用户的所有登录事件启用或禁用 Azure 多重身份验证。Azure Multi-Factor Authentication is either enabled or disabled for all users, for all sign-in events. 无法做到仅为一部分用户或者仅在特定的情况下启用多重身份验证。There is no ability to only enable multi-factor authentication for a subset of users, or only under certain scenarios. 管理是通过 Office 365 门户进行的。Management is through the Office 365 portal.
  • 若要改进用户体验,请升级到 Azure AD Premium P1 或 P2 并使用条件访问。For an improved user experience, upgrade to Azure AD Premium P1 or P2 and use Conditional Access. 有关详细信息,请参阅使用多重身份验证保护 Microsoft 365 资源。For more information, see secure Microsoft 365 resources with multi-factor authentication.

Azure AD Premium P1Azure AD Premium P1

对于具有 Azure AD Premium P1 的客户,或者具有包含此功能的类似许可证(例如企业移动性 + 安全性 E3、Microsoft 365 F1 或 Microsoft 365 E3)的客户:For customers with Azure AD Premium P1 or similar licenses that include this functionality such as Enterprise Mobility + Security E3, Microsoft 365 F1, or Microsoft 365 E3:

在特定的情况下或者发生特定事件期间,根据业务要求使用 Azure AD 条件访问提示用户执行多重身份验证。Use Azure AD Conditional Access to prompt users for multi-factor authentication during certain scenarios or events to fit your business requirements.

Azure AD Premium P2Azure AD Premium P2

对于具有 Azure AD Premium P2 的客户,或者具有包含此功能的类似许可证(例如企业移动性 + 安全性 E5 或 Microsoft 365 E5)的客户:For customers with Azure AD Premium P2 or similar licenses that include this functionality such as Enterprise Mobility + Security E5 or Microsoft 365 E5:

提供了最强的安全保障和改进的用户体验。Provides the strongest security position and improved user experience.

身份验证方法Authentication methods

方法Method 安全默认值Security defaults 所有其他方法All other methods
通过移动应用发送通知Notification through mobile app XX XX
移动应用或硬件标志提供的验证码Verification code from mobile app or hardware token XX
向手机发送短信Text message to phone XX
拨打电话Call to phone XX

后续步骤Next steps

若要开始,请参阅有关使用 Azure 多重身份验证保护用户登录事件的教程。To get started, see the tutorial to secure user sign-in events with Azure Multi-Factor Authentication.

有关许可的详细信息,请参阅 Azure 多重身份验证的功能和许可证For more information on licensing, see Features and licenses for Azure Multi-Factor Authentication.