Microsoft Entra ID and Office 365 support MFA using an external MFA provider, such as Deepnet DualShield MFA, in 2 different ways:
Federated Authentication is implemented at the domain level and does not support Entra ID Conditional Access Policies. In contrast, the External Authentication Method can be implemented at any level, including user, group, and domain, and it fully supports Conditional Access Policies in Entra ID.
Therefore, we recommend External Authentication Method (EAM)