WatchGuard Support Center

Knowledge Base - Article

000017106
Can Azure AD AuthPoint Users Use Office 365?

Information
Can users that are synced from Azure AD use AuthPoint MFA with Office 365?
Users synced directly from Azure Active Directory (Azure AD) can use almost any AuthPoint integration, such as VPNs, cloud applications, remote access, and the Logon app. However, at this time, Office 365 does not support AuthPoint MFA for users that exist only in Azure AD (that is, users that are not synced with a local AD server). This is because of a Microsoft limitation.

Here is an explanation:
  • To authenticate users that only exist in Azure AD, third-party MFA solutions such as AuthPoint must use a Microsoft feature called Conditional Access with Custom Controls.
  • This feature started a public preview several years ago, but it was never made generally available (you can see here that it is still listed as in preview).
  • To use Custom Controls, third-party MFA solutions must be registered by Microsoft.
  • In 2018, Microsoft announced that they would not register any more MFA solutions.
  • Microsoft does not recommend that customers use the Custom Controls feature.
  • On 20 March 2020, Microsoft announced that this feature will not be made generally available.
  • Microsoft plans to offer a Credentials Management feature for third-party MFA solutions like AuthPoint, but there is not a set date for this (see this blog post).

To use AuthPoint or any other third-party MFA solution for Office 365, you must use a local AD server. If your Azure AD users are synced with a local AD server, you can successfully configure AuthPoint MFA for Office 365 (see Office 365 Integration with AuthPoint).