Your company has an Azure Active Directory (Azure AD) tenant named contoso.com that is configured for hybrid coexistence with the on-premises Active Directory Domain.
The tenant contains the users shown in the following users.
User1: User Type - Member, Source - AzureAD, Sign-in - User1@contoso.com.
User2: User Type - Member, Source - Windows Server Active Directory, Sign-in - User2@contoso.com.
User3: User Type - Guest, Source - Multiple, Sign-in - User3@outlook.com.
User4: User Type - Guest, Source - Multiple, Sign-in - User4@gmail.com.
Whenever possible, you need to enable Azure Multi-Factor Authentication (MFA) for the users in contoso.com.
Which users should you enable for Azure MFA?
The security of two-step verification lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user's password, it is useless without also having possession of the additional authentication method. It works by requiring two or more of the following authentication methods:
Something you know (typically a password)
Something you have (a trusted device that is not easily duplicated, like a phone)
Something you are (biometrics)
Multi-Factor Authentication comes as part of the following offerings:
Azure Active Directory Premium or Microsoft 365 Business - Full featured use of Azure Multi-Factor Authentication using Conditional Access policies to require multi-factor authentication.
Azure AD Free or standalone Office 365 licenses - Use pre-created Conditional Access baseline protection policies to require multi-factor authentication for your users and administrators.
Azure Active Directory Global Administrators - A subset of Azure Multi-Factor Authentication capabilities are available as a means to protect global administrator accounts.