Microsoft Entra ID and Office 365 support MFA using an external MFA provider, such as Deepnet DualShield MFA, in 2 different ways:
- Federated AuthenticationÂ
- External Authentication Method (EAM)
Federated Authentication is a legacy solution that Microsoft provided in the past. It can only be implemented at the domain level, and it does not support Entra ID Conditional Access Policies. In contrast, the External Authentication Method is a modern authentication method that Microsoft provided recently. It can be implemented at any level, including user, group, and domain, and it fully supports Conditional Access Policies in Entra ID.
Therefore, we recommend the External Authentication Method (EAM) over Federated Authentication.