1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Implementing Multi-Factor Authentication on Azure

Enable MFA for an Azure Tenant

Start course

Multi-factor authentication or MFA is no longer optional, and it is paramount that you protect not only your privileged accounts but enable it for all accounts. Azure Active Directory offers the ability to secure your identities with an additional authentication method. Verification of your identity can be done via an automated voice call, text message, through the Microsoft Authenticator app, or with a verification code.

Azure multi-factor authentication can be enforced using different methods. We will configure the user settings to give the ability to a user to report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.

Learning Objectives

  • Identify the different methods of enabling two-step verification
  • Configure multi-factor authentication for users
  • Configure settings for MFA
  • Implement Azure Active Directory conditional access for MFA

Intended Audience

  • People who want to become Azure administrators
  • People preparing for Microsoft’s AZ-303 exam


  • General knowledge of Azure Active Directory

Related Training Content

To see more Microsoft Azurecontent, visit our Azure Training Library.


There are three ways to enable MFA in Azure. You can enable MFA by changing the user state or configuring a registration policy in Azure AD Identity Protection, or by creating a conditional access policy in Azure AD. Let's have a look at each option to see how we can enable MFA. Azure AD Identity Protection is part of the Azure AD Premium 2 offering which gives you the ability to detect potential issues with your corporate identities, investigate suspicious activity, and take appropriate action to them. When something suspicious is detected, you can have an automated response to the event. 

Set risk conditional access policies to automatically protect users. Risk-based conditional access policies in Azure AD Identity Protection allows you to create a registration policy to force some or all of your users to complete the MFA registration. Azure AD conditional access is part of the premium offering in Azure AD, allows you to set the right access controls under the right condition. This means that if a user tries to access a web app from the corporate network, they will not be prompted, but if they try it from their favorite coffee shop, then they will be prompted for their username and password. This condition is based on location. Conditional access allows Azure AD to determine when to enforce MFA or not. 

Enabling MFA by changing the user state is a traditional method of enabling two-step verification. It allows you to go to the MFA site and configure each account and enable MFA. Once MFA's enabled by user state, it will always require the two-step verification. In the upcoming videos, we will cover all the configuration options around user accounts.

About the Author

With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.

When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.