You can
Configure
Multi-Factor Authentication (MFA) to ensure that each user
authenticates using multiple methods (factors) when accessing highly
sensitive services and applications. For example, you can force
users to enter a login password and then enter a verification code
that they receive by phone before allowing access to important financial
documents. This approach helps to prevent attackers from accessing
every service and application in your network just by stealing passwords.
Of course, not every service and application requires the same degree
of protection, and MFA might not be necessary for less sensitive
services and applications that users access frequently. To accommodate
a variety of security needs, you can
Configure
Authentication Policy rules that trigger MFA or a single
authentication factor (such as login credentials or certificates)
based on specific services, applications, and end users.