How do I configure MFA for Windows workstations using Azure MFA?

Question

We have Windows 10 workstations joined to our on-premises Active Directory (not Azure AD joined) and users currently log on with usernames and passwords only. We'd like to have users also receive an MFA prompt on their mobile devices when logging on to them locally (physically sitting in front of the Windows 10 PC) and via remote desktop. How do we do this?

We will have Azure AD Connect deployed and syncing accounts to Azure. Since we already have Azure licenses, we'd like to use that instead of Duo or another offering.

Thanks!

Answer 1

• One of the authentication methods in Azure AD for the users to receive an MFA prompt on their mobile devices is the Microsoft Authenticator app.
• Users can either approve or deny the notification that they receive through the mobile app or use the Authenticator app to produce an OATH verification code that can be given in a sign-in interface.
• A user who has enabled phone sign-in via the Microsoft Authenticator app sees a message to enter a number in their app instead of password prompt after entering a username. The sign-in process is complete once the correct number is chosen.
  Please refer this link for Authentication methods in Azure AD (Phone Options) You can also configure and enable users for SMS-based authentication which allows users to log in without having to provide or even remember their user name and password.