While hosted MFA server (Azure MFA Server) supports any TOTP tokens, however, cloud Azure MFA is currently not supported. Microsoft has announced that this feature is currently in development, but there are no release dates announced yet.
Until this becomes available, the only way to use hardware tokens with Azure Cloud MFA (for example for Office 365 combined with on-prem Active Directory access) is to benefit from programmable hardware tokens such as Token2 MiniOTP.
miniOTP-1 fully emulates mobile apps, from the backend's point of view, the users will still be relying on mobile apps (i.e. Google Authenticator). Installation is easy
Step 1. Obvious enough, buy the token(s) (see the promocode below)
Step 2. Install Token2 Burner App and make sure your token is accessible via NFC
Step 3. Enable or reconfigure the Authenticator app on your Office 365 account. When the QR code is shown, make sure you choose the "Configure app without notifications" option. The default one is not standard TOTP key
Step 4. Burn the token with Token2 Burner App. Just scan the QR code with the app, then place the token on the back of your phone and click "Burn"
Step 5. Verify the token by keying in the OTP code the newly "burnt" token has generated and complete the enrollment
As simple as that. You can order programmable tokens here.
Important! Use the promo code below to get a 5% discount (valid until end-October 2018):