How the Azure Active Directory baseline security policy enforces multi-factor authentication for privileged administrator accounts in Office 365 and Azure AD.
Azure Active Directory Conditional Access Policies and the Office 365 Portal
Microsoft is rolling out a change from August 2017 for Azure Active Directory conditional access policies to begin applying to the Office 365 portal.
First Steps: Securing Office 365 Administrator Accounts with Multi-Factor Authentication
How to protect Office 365 administrator accounts by enabling multi-factor authentication (MFA).
Can Exchange Web Services be Accessed by Bypassing Multi-Factor Authentication?
A security researcher claims that Exchange has a vulnerability that allows Exchange Web Services to be accessed by bypassing multi-factor authentication.