Multi-factor authentication (MFA) is no longer optional, and it is paramount that you enable it for all accounts, not only your privileged ones. Azure Active Directory offers the ability to secure your identities with an additional authentication method. Verification of your identity can be done via an automated voice call, text message, through the Microsoft Authenticator app, or with a verification code.
Azure multi-factor authentication can be enforced using different methods. We will configure the user settings to give users the ability to report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.
Learning Objectives
- Identify the different methods of enabling two-step verification
- Configure multi-factor authentication for users
- Configure settings for MFA
- Implement Azure Active Directory conditional access for MFA
Intended Audience
- People who want to become Azure administrators
- People preparing for Microsoft’s AZ-303 exam
Prerequisites
- General knowledge of Azure Active Directory
Related Training Content
To see more Microsoft Azure content, visit our Azure Training Library.
The one-time bypass feature of Azure Multi-Factor Authentication is used to bypass the two-step verification a single time. As an example, if a user lost their phone, they could not complete the two-step verification. In this instance, they would need to contact an administrator to bypass the two-step verification. Once a user is added to the one-time bypass list, the bypass goes into effect immediately and expires after the specified time. The default period is 300 seconds or five minutes.
Back in the Azure Portal, we will allow a user to bypass the two-step verification. In Azure Active Directory under Security, select MFA and then select One-time bypass. On the One-time bypass page, you can change the global default from 300 seconds to between five and 1,800 seconds. To add a user to bypass the two-step verification, select Add. Add the user name under User. You can change the default seconds and enter a reason for the one-time bypass, then click OK. Now the user can log in and bypass the two-step verification, but remember that this is only a one-time, or single, bypass of the two-step verification.
With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.
When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.