Using multi-factor authentication as an additional security layer for your accounts in Azure Germany is very easy. Just login to the Azure Germany portal (https://portal.microsoftazure.de) with a Global Administrator account and jump to the Azure Active Directory blade.
Next, click on Multi-Factor Authentication in the overview pane to access the MFA portal. There you can activate MFA for a single user or a bunch of users.
After you have activated MFA for a user, the user has to set up its MFA settings during the next login. The only authentication method where user information stays in Azure Germany is the option mobile app. The other options must be specifically enabled by the administrator under service settings and you will also get a note, that user information maybe transferred and stored out of Azure Germany.
The mobile app Microsoft Authenticator is available for all three major platforms.
Make sure, when you set up MFA with the mobile app, to choose under ADD ACCOUNT the option “Other (Google, Facebook, etc)”. The option “Work or school account” does not work.
To finish the setup process you have to enter the code that is generated by the mobile app and you are done.
The next time you login to the Azure Germany portal or PowerShell you are asked to enter a verification code as a second factor.