Currently I am looking at a configuration of a single Azure Tenant with multiple Subscriptions. Prod and non-Prod resources are separated by Subscriptions.

I am looking to understand how I could implement MFA via Microsoft Authenticator in such a way that:

  • Users are required to enter a different PIN or Credential for different environments. I am looking to separate Production from Non-Production and from Corporate email, etc.
  • Users would be issued a unique token for each environment.

Azure AD Groups would be used within Subscriptions to restrict which users can access different resources.

Can this be achieved within a single tenant?

Veera Nagireddy
Steven K7FAQ

1 Answer

The MFA settings are at the Tenant level; you cannot set different MFA settings for each subscription.

You need to have each subscription in a unique tenant to achieve your requirement.

SoySolisCarlos