By default, the Azure AD service supports the use of passwords as its only authentication method for user sign-ins. Azure Multi-Factor Authentication is the service that requires users to also verify sign-ins by using a mobile app, phone call, or text message. You can use it together with Azure AD or together with custom applications and directories by using the SDK. You can also use it together with on-premises applications by using Multi-Factor Authentication Server.

When you are using the service together with Azure AD, administrators can enable the service for a directory user. The next time that user signs in, the user will be prompted to set up the specifics of his or her multi-factor authentication experience. The user can specify up to three phone numbers (mobile, office, and alternate) to be used for authentication through phone calls or text messages. Also, the user must specify whether he or she will use the Multi-Factor Authentication mobile app, which offers out-of-band push and one-time passcode authentication options.
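An administrator can check where each directory user stands in the enable-then-set-up flow described above. The following PowerShell is an added example, not code from the original page: it assumes user objects shaped like the output of the MSOnline module's `Get-MsolUser`, the function name `Get-MfaPosture` and its finding labels are hypothetical, and the sample users are constructed so the script runs without a tenant.

```powershell
# Added example. Property names follow the MSOnline module's Get-MsolUser objects.
function Get-MfaPosture {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)] [object]$User)
    process {
        # Per-user MFA state set by the administrator; empty means not enabled.
        $state = @($User.StrongAuthenticationRequirements |
                   Where-Object { $_ } | ForEach-Object State)[0]
        if (-not $state) { $state = 'Disabled' }

        # Methods the user registered during setup (mobile app, call, text).
        $registered = @($User.StrongAuthenticationMethods | Where-Object { $_ })
        $types      = @($registered | ForEach-Object MethodType)
        $default    = @($registered | Where-Object IsDefault |
                        ForEach-Object MethodType)[0]

        $finding = if ($state -eq 'Disabled') {
            'Password only'                    # service never enabled for this user
        } elseif ($types.Count -eq 0) {
            'Enabled, setup not completed'     # user has not signed in since enablement
        } elseif (-not ($types -like 'PhoneApp*')) {
            'Phone call or text only'          # mobile app not registered
        } else {
            'OK'
        }

        [pscustomobject]@{
            User    = $User.UserPrincipalName
            State   = $state
            Default = $default
            Methods = $types -join ','
            Finding = $finding
        }
    }
}

# Constructed sample users (hypothetical); against a real directory the input
# would be: Connect-MsolService; Get-MsolUser -All | Get-MfaPosture
function New-Method($type, $isDefault) {
    [pscustomobject]@{ MethodType = $type; IsDefault = $isDefault }
}
function New-SampleUser($upn, $state, $methods) {
    $req = if ($state) { @([pscustomobject]@{ State = $state }) } else { @() }
    [pscustomobject]@{ UserPrincipalName = $upn
        StrongAuthenticationRequirements = $req; StrongAuthenticationMethods = @($methods) }
}
@(
    New-SampleUser 'alice@contoso.example' $null     @()
    New-SampleUser 'bob@contoso.example'   'Enabled' @()
    New-SampleUser 'carol@contoso.example' 'Enabled' @((New-Method 'OneWaySMS' $true), (New-Method 'TwoWayVoiceMobile' $false))
    New-SampleUser 'dave@contoso.example'  'Enforced' @((New-Method 'PhoneAppNotification' $true), (New-Method 'PhoneAppOTP' $false))
) | Get-MfaPosture | Format-Table -AutoSize
```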
For more information visit: https://msdn.microsoft.com/en-us/library/azure/dn249471.aspx