The course is part of these learning pathsSee 2 more
Configure Multi-Factor Authentication
Multi-factor authentication or MFA is no longer optional, and it is paramount that you protect not only your privileged accounts but enable it for all accounts. Azure Active Directory offers the ability to secure your identities with an additional authentication method. Verification of your identity can be done via an automated voice call, text message, through the Microsoft Authenticator app, or with a verification code.
Azure multi-factor authentication can be enforced using different methods. We will configure the user settings to give the ability to a user to report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.
- Identify the different methods of enabling two-step verification
- Configure multi-factor authentication for users
- Configure settings for MFA
- Implement Azure Active Directory conditional access for MFA
- People who want to become Azure administrators
- People preparing for Microsoft’s AZ-101 or AZ-300 exam
- General knowledge of Azure Active Directory
Related Training Content
To see more Microsoft Azurecontent, visit our Azure Training Library.
The trusted IPs feature of Azure Multi-Factor Authentication is configured by your administrator to bypass two-step verification for users who sign in from a trusted location like the office. But will be prompted by MFA elsewhere, like your favorite coffee shop. Trusted IPs fall into two categories, managed and federated.
Managed users, you can simply add the IP address range from your office to bypass the two-step verification. Federated users on the other hand, if your organization uses Active Directory Federated Services, select the check box for skip multifactor authentication for requests from federated users on my intranet, and users who sign in to the office will bypass the two-step verification by using a claim that is issued by Active Directory Federated Services.
Back in Azure Active Directory where we will configure trusted IPs. Go to users and select multifactor authentication. Once the multifactor authentication page displays, select service settings. Under trusted IPs you can enter the IP address, using the CIDR notation. As an example, we can add 192.168.0.0/24. If your users are federated you can select a check box to skip multifactor for requests from federated users on my intranet. You do not need to provide an IP address range for this option. Scroll to the bottom and select save.
About the Author
With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.
When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.