Hi @Kelvin Ho • Thank you for reaching out.
I understood that you want to specifically use the SMS method to perform multi-factor authentication via Azure AD for Fortinet SSLVPN.
To meet this requirement, you will need at least Azure AD Premium 1 License.
The Azure AD Free and Office 365 versions support MFA via Security Defaults but in this case, you won't get the option to select the authentication method as this is a free version and comes with limited options. So, in this case,
- You can only use the authenticator app for MFA.
- Security defaults can be enabled at the tenant level, so you cannot select a subset of users to enforce MFA for. If this option is enabled, MFA will be enforced for all users.
The Azure AD Premium P1/P2 versions provide an improved user experience by allowing you to select the multi-factor authentication method (Phone call/SMS/Authenticator App). They also allow the use of Conditional Access to enforce MFA for a specific set of users, apps, locations, etc.
Below are all the available licensing options for MFA:
- Microsoft 365 Business Premium and EMS or Microsoft 365 E3 and E5: EMS E3, Microsoft 365 E3, and Microsoft 365 Business Premium include Azure AD Premium P1. EMS E5 or Microsoft 365 E5 includes Azure AD Premium P2. You can use the same Conditional Access features noted in the following sections to provide multi-factor authentication to users.
- Azure AD Premium P1: You can use Azure AD Conditional Access to prompt users for multi-factor authentication during certain scenarios or events to fit your business requirements.
- Azure AD Premium P2: Provides the strongest security position and improved user experience. Adds risk-based Conditional Access to the Azure AD Premium P1 features that adapts to user's patterns and minimizes multi-factor authentication prompts.
- All Microsoft 365 plans: Azure AD Multi-Factor Authentication can be enabled for all users using security defaults. Management of Azure AD Multi-Factor Authentication is through the Microsoft 365 portal. For an improved user experience, upgrade to Azure AD Premium P1 or P2 and use Conditional Access. For more information, see secure Microsoft 365 resources with multi-factor authentication.
- Office 365 free & Azure AD free: You can use security defaults to prompt users for multi-factor authentication as needed but you don't have granular control of enabled users or scenarios, but it does provide that additional security step. Even when security defaults aren't used to enable multi-factor authentication for everyone, users assigned the Azure AD Global Administrator role can be configured to use multi-factor authentication. This feature of the free tier makes sure the critical administrator accounts are protected by multi-factor authentication.