We have just completed the Hybrid setup in on-prem Exchange and want to enable MFA. We have only a few users who have been migrated to Office 365. My doubt here is: if I enable MFA for all, does it also apply to the users whose mailboxes still exist on-prem?
For a cloud-only identity environment with modern authentication, there are no additional prerequisite tasks. But for hybrid identity scenarios, we need additional configuration.
If you didn’t configure it to fit the Hybrid deployment (I tested this in a lab), the cloud user will work with MFA as expected. For the AD-synced accounts whose mailboxes are still on the on-premises server, MFA will not apply.
Azure Multi-Factor Authentication (MFA) helps safeguard access to data and applications while maintaining simplicity for users. It provides additional security by requiring a second form of authentication and delivers strong authentication via a range of easy-to-use authentication methods. It is used on Azure AD accounts, no matter where the mailboxes are. If you enable MFA for all, it applies to all the accounts in the Office 365 portal, including the accounts synced from local AD.