Requirements for Enforcing Multi-Factor Authentication in Call Center

D.

To require multi-factor authentication (MFA) for call center users when they access Microsoft 365 services, we need to choose the appropriate MFA option that suits the given scenario.

Option A: Named network location Named network locations are used to identify trusted network locations, and we can exclude MFA prompts for users when they sign in from a trusted network location. However, this option is not suitable for the given scenario because the call center users use different computers every day, and there is no specific trusted network location.

Option B: Microsoft Authenticator app The Microsoft Authenticator app is a mobile app that provides MFA by generating one-time passcodes (OTPs) or approving sign-in requests. However, the users are prohibited from having a mobile phone in the call center, so this option is not suitable.

Option C: Windows Hello for Business authentication Windows Hello for Business is a biometric authentication option that uses facial recognition, fingerprints, or PINs to authenticate users. However, the call center computers are not configured for biometric identification, so this option is not suitable.

Option D: FIDO2 tokens FIDO2 (Fast Identity Online 2) tokens are physical devices that provide MFA by generating public-key credentials. FIDO2 tokens do not require a mobile phone or biometric identification and can be used on any computer with a USB port. Therefore, FIDO2 tokens are the most suitable option for the given scenario.

In conclusion, the solution to require MFA for call center users when they access Microsoft 365 services is to use FIDO2 tokens.