Yes, it's possible to enforce multi-factor authentication (MFA) for users signing in to your Azure web application using their Microsoft accounts via OpenID Connect (OIDC). While Conditional Access offers granular control over access policies and requires premium licenses, there are simpler ways to enforce MFA for your application. You can achieve this by configuring the MFA settings directly within Azure Active Directory (Azure AD), without the need for Conditional Access. Here's a step-by-step guide:
- Navigate to Azure Active Directory in the Azure portal: Go to the Azure portal (https://portal.azure.com) and select your Azure Active Directory.
- Security settings: Navigate to the "Security" section of Azure Active Directory.
- Conditional Access policies: You can create Conditional Access policies here, but as you mentioned, these are part of the premium features. Instead, for basic MFA enforcement, go to "Authentication methods" under the "Security" section.
- Configure MFA: Under "Authentication methods", you can configure "Multi-Factor Authentication". Here, you can enforce MFA for all users, specific groups, or for Azure service management. Select the appropriate option for your application.
- Select users/groups: Choose the users or groups for whom you want to enforce MFA. In your case, you might want to select all users accessing your web application.
- Save settings: Once you've configured the MFA settings as per your requirements, save the changes.
By enforcing MFA at the Azure AD level, any user attempting to sign in to your web application with their Microsoft account will be prompted to complete the MFA process, thereby adding an extra layer of security to their authentication. Additionally, make sure that your application's authentication flow is configured to handle MFA challenges appropriately. This typically involves detecting MFA requirements during the authentication process and redirecting users to complete the MFA process if necessary. By following these steps, you can enforce MFA for users accessing your Azure web application via Microsoft accounts without the need for Conditional Access policies.
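The "detecting MFA requirements" step mentioned above, as an added Python example that is not part of this answer: it reads the `amr` (authentication methods reference, RFC 8176) claim of the ID token Azure AD issues and decides whether the sign-in may proceed or the user must be sent back to complete MFA. It assumes the token's signature, issuer and audience have already been verified by your OIDC library; the sample tokens are constructed and unsigned, so they stand in for real tokens only.

```python
import base64
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def id_token_claims(id_token: str) -> dict:
    """Return the payload of a compact JWT.

    Does NOT verify the signature: call this only on a token your OIDC
    library has already validated (assumption for this example).
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS")
    return json.loads(_b64url_decode(parts[1]))


def mfa_satisfied(claims: dict) -> bool:
    """True when the 'amr' claim records that MFA was performed."""
    amr = claims.get("amr")
    if not isinstance(amr, list):
        return False  # missing or malformed claim: treat as not MFA'd
    return "mfa" in amr


def sign_in_decision(id_token: str) -> str:
    """'allow' to create the session, 'require_mfa' to redirect back to Azure AD."""
    return "allow" if mfa_satisfied(id_token_claims(id_token)) else "require_mfa"


def make_test_token(payload: dict) -> str:
    """Build an unsigned (alg=none) token for the constructed samples only."""
    def enc(d: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(payload)}."


# Constructed sample tokens: password only, password plus MFA, no amr claim at all.
PASSWORD_ONLY = make_test_token({"sub": "user1", "amr": ["pwd"]})
WITH_MFA = make_test_token({"sub": "user1", "amr": ["pwd", "mfa"]})
NO_AMR = make_test_token({"sub": "user1"})

if __name__ == "__main__":
    for name, tok in [("password only", PASSWORD_ONLY), ("with mfa", WITH_MFA), ("no amr", NO_AMR)]:
        print(f"{name}: {sign_in_decision(tok)}")
```

When the decision is `require_mfa`, the app should not create a session but redirect the user to Azure AD to sign in again, which is where the MFA settings configured above take effect.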