Multi-Factor Authentication for Call Center Users in Microsoft 365

Requirements for Enforcing Multi-Factor Authentication in Call Center

Question

Your company has a Microsoft 365 tenant.

The company has a call center that contains 300 users.

In the call center, the users share desktop computers and might use a different computer every day.

The call center computers are NOT configured for biometric identification.

The users are prohibited from having a mobile phone in the call center.

You need to require multi-factor authentication (MFA) for the call center users when they access Microsoft 365 services.

What should you include in the solution?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

D.

https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-authentication-passwordless

To require multi-factor authentication (MFA) for call center users when they access Microsoft 365 services, we need to choose the appropriate MFA option that suits the given scenario.

Option A: Named network location Named network locations are used to identify trusted network locations, and we can exclude MFA prompts for users when they sign in from a trusted network location. However, this option is not suitable for the given scenario because the call center users use different computers every day, and there is no specific trusted network location.

Option B: Microsoft Authenticator app The Microsoft Authenticator app is a mobile app that provides MFA by generating one-time passcodes (OTPs) or approving sign-in requests. However, the users are prohibited from having a mobile phone in the call center, so this option is not suitable.

Option C: Windows Hello for Business authentication Windows Hello for Business is a biometric authentication option that uses facial recognition, fingerprints, or PINs to authenticate users. However, the call center computers are not configured for biometric identification, so this option is not suitable.

Option D: FIDO2 tokens FIDO2 (Fast Identity Online 2) tokens are physical devices that provide MFA by generating public-key credentials. FIDO2 tokens do not require a mobile phone or biometric identification and can be used on any computer with a USB port. Therefore, FIDO2 tokens are the most suitable option for the given scenario.

In conclusion, the solution to require MFA for call center users when they access Microsoft 365 services is to use FIDO2 tokens.