Configure Multi-Factor Authentication
Multi-factor authentication (MFA) is no longer optional, and it is paramount that you enable it for all accounts, not only your privileged ones. Azure Active Directory lets you secure your identities with an additional authentication method. Your identity can be verified via an automated voice call, a text message, the Microsoft Authenticator app, or a verification code.
Azure multi-factor authentication can be enforced using different methods. We will configure the user settings so that users can report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.
Learning Objectives
- Identify the different methods of enabling two-step verification
- Configure multi-factor authentication for users
- Configure settings for MFA
- Implement Azure Active Directory conditional access for MFA
Intended Audience
- People who want to become Azure administrators
- People preparing for Microsoft’s AZ-101 or AZ-300 exam
Prerequisites
- General knowledge of Azure Active Directory
Azure Multi-Factor Authentication includes the ability to report fraud alerts. This empowers the user to proactively report attempts by someone else to use their account. Users can report fraud through the Microsoft Authenticator app by denying the approval request or, when receiving the automated phone call, by entering the fraud code. Fraud alert is not enabled by default and needs to be configured in Azure Active Directory. Luckily, enabling it is a pretty simple process with minimal configuration.
The first option is "Allow users to submit fraud alerts". By default, this is set to off, and you switch it on to enable fraud alerts. The second option is "Automatically block users who report fraud". Once a user reports fraudulent activity through multi-factor authentication, their account is automatically blocked for 90 days or until an administrator unblocks it.
The third and last option is "Code to report fraud during the initial greeting". When a user receives the automated phone call for two-step verification, they press pound to authenticate. If they receive the automated phone call but didn't sign in, they can report fraud by typing the code followed by pound. The default is zero pound.
Here we are back in the Azure portal, where we'll configure fraud alerts for multi-factor authentication. In Azure Active Directory, under Security, select MFA, and then select Fraud alert. On this screen we will set the "Allow users to submit fraud alerts" setting to on. You can then choose whether or not to automatically block users who report fraud. Finally, you can set the code to report fraud during the initial greeting. Select Save.
Now that fraud alert is enabled, our fictitious user, Ari, has received a phone call to authenticate. But Ari did not initiate the request. Ari can simply hit zero and then the pound sign to report. This will automatically block the account.
Now let's see what happens when a user is blocked. Back in Azure Active Directory, go to MFA and select Block/unblock users. Here we will find a list of blocked users with the reason why each is blocked and the date. To unblock an account as the administrator, select Unblock, provide a short description of why you are unblocking the account, and click OK.
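To make the block lifecycle described above concrete, the following added example (not part of the course material) replays fraud reports and administrator unblocks to work out who is still blocked and when each 90-day block lapses. The event shape, the action names `fraud_reported` and `admin_unblock`, the function names, and the sample records are hypothetical and constructed for illustration; it also assumes each new report starts a fresh 90-day window.

```python
from datetime import datetime, timedelta, timezone

BLOCK_DAYS = 90  # automatic block length given in the lecture

# Constructed sample events in a hypothetical normalized shape (not a real export).
SAMPLE_EVENTS = [
    {"time": "2019-01-10T09:15:00+00:00", "user": "ari@example.com", "action": "fraud_reported"},
    {"time": "2019-01-12T14:00:00+00:00", "user": "ari@example.com", "action": "admin_unblock"},
    {"time": "2019-02-01T08:30:00+00:00", "user": "ari@example.com", "action": "fraud_reported"},
    {"time": "2019-01-05T11:00:00+00:00", "user": "sam@example.com", "action": "fraud_reported"},
]


def mfa_block_status(events, now, auto_block=True):
    """Replay fraud reports and admin unblocks; return per-user block state at `now`."""
    status = {}
    ordered = sorted(events, key=lambda e: datetime.fromisoformat(e["time"]))
    for ev in ordered:
        when = datetime.fromisoformat(ev["time"])
        entry = status.setdefault(ev["user"], {"reports": 0, "expires": None})
        if ev["action"] == "fraud_reported":
            entry["reports"] += 1
            if auto_block:
                # Assumption: every report starts a fresh 90-day window.
                entry["expires"] = when + timedelta(days=BLOCK_DAYS)
        elif ev["action"] == "admin_unblock":
            entry["expires"] = None  # administrator cleared the block early
    for entry in status.values():
        if entry["expires"] is not None and now >= entry["expires"]:
            entry["expires"] = None  # block lapsed on its own
        entry["blocked"] = entry["expires"] is not None
    return status


def still_blocked(status):
    """Users an administrator may still need to unblock, soonest expiry first."""
    return sorted((u for u, s in status.items() if s["blocked"]),
                  key=lambda u: status[u]["expires"])


if __name__ == "__main__":
    now = datetime(2019, 4, 10, tzinfo=timezone.utc)
    for user, state in mfa_block_status(SAMPLE_EVENTS, now).items():
        print(user, state)
```

With "Automatically block users who report fraud" switched off (`auto_block=False`), the same replay still counts reports per user, which is the list to review even though nobody is locked out.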
About the Author
With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.
When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.