The course is part of these learning pathsSee 2 more
Configure Multi-Factor Authentication
Multi-factor authentication or MFA is no longer optional, and it is paramount that you protect not only your privileged accounts but enable it for all accounts. Azure Active Directory offers the ability to secure your identities with an additional authentication method. Verification of your identity can be done via an automated voice call, text message, through the Microsoft Authenticator app, or with a verification code.
Azure multi-factor authentication can be enforced using different methods. We will configure the user settings to give the ability to a user to report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.
- Identify the different methods of enabling two-step verification
- Configure multi-factor authentication for users
- Configure settings for MFA
- Implement Azure Active Directory conditional access for MFA
- People who want to become Azure administrators
- People preparing for Microsoft’s AZ-101 or AZ-300 exam
- General knowledge of Azure Active Directory
Related Training Content
To see more Microsoft Azurecontent, visit our Azure Training Library.
Enabling multifactor authentication for users is just as important to enable as administrators. Azure users could have access to sensitive data such as financial or employee data. Multifactor authentication can be enabled quickly from the Azure portal and should be enabled for all administrators including global administrators as well as for all users. As an example, if you have a user that has access to financial employee data, it's just as important you enable MFA for those users as you would for an administrator. All users start out disabled. When you enroll users in Azure MFA their state changes to enabled. When enabled users sign in and complete the registration process, their state changes to enforced.
Let's enable multifactor authentication for our users. Here we are in the Azure portal. On the left hand side I have a short cut for Azure Active Directory. Select it and go to users. And here you'll see a list of all of our users. In the menu bar select multifactor authentication. A new page will display and it will show you all of the state of the users. You'll see that Allen has it's state as enabled. But other users are disabled. So let's go to Ari and enable MFA. Select him. And then click Enable. A warning message will display, including the URL that the user needs to go to, to set up. Click enable multifactor authentication and then click close. Now Ari has it's state as enabled. Once Ari finishes his set up he will be listed as enforced.
About the Author
With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.
When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.