CloudAcademy
  1. Home
  2. Training Library
  3. Microsoft Azure
  4. Courses
  5. Implementing Multi-Factor Authentication on Azure

Enable MFA for an Azure Tenant

The course is part of these learning paths

AZ-103 Exam Preparation: Microsoft Azure Administrator
course-steps 15 certification 6 lab-steps 6
AZ-203 Exam Preparation: Developing Solutions for Microsoft Azure
course-steps 16 certification 1 lab-steps 7
AZ-101 Exam Preparation: Microsoft Azure Integration and Security
course-steps 11 certification 4 lab-steps 5
Azure Services for Security Engineers
course-steps 8 certification 4 lab-steps 3
more_horiz See 2 more
play-arrow
Start course
Overview
DifficultyIntermediate
Duration24m
Students193

Description

Course Overview

Multi-factor authentication or MFA is no longer optional, and it is paramount that you protect not only your privileged accounts but enable it for all accounts. Azure Active Directory offers the ability to secure your identities with an additional authentication method. Verification of your identity can be done via an automated voice call, text message, through the Microsoft Authenticator app, or with a verification code.

Azure multi-factor authentication can be enforced using different methods. We will configure the user settings to give the ability to a user to report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.

Learning Objectives

  • Identify the different methods of enabling two-step verification
  • Configure multi-factor authentication for users
  • Configure settings for MFA
  • Implement Azure Active Directory conditional access for MFA

Intended Audience

  • People who want to become Azure administrators
  • People preparing for Microsoft’s AZ-101 or AZ-300 exam

Prerequisites

  • General knowledge of Azure Active Directory

Related Training Content

To see more Microsoft Azurecontent, visit our Azure Training Library.

Transcript

Global administrators are highly sensitive accounts, and anyone who has this role can enable MFA free of charge. Users who are not part of the global administrator's group that want to have MFA enabled must purchase a license with this capability, like Azure Active Directory Premium or a license bundle that includes Azure AD Premium. 

There are three ways to enable MFA in Azure. You can enable MFA by changing the user state or configuring a registration policy in Azure AD Identity Protection, or by creating a conditional access policy in Azure AD. Let's have a look at each option to see how we can enable MFA. Azure AD Identity Protection is part of the Azure AD Premium 2 offering which gives you the ability to detect potential issues with your corporate identities, investigate suspicious activity, and take appropriate action to them. When something suspicious is detected, you can have an automated response to the event. 

Set risk conditional access policies to automatically protect users. Risk-based conditional access policies in Azure AD Identity Protections allows you to create a registration policy to force some or all of your users to complete the MFA registration. Azure AD conditional access is part of the premium offering in Azure AD, allows you to set the right access controls under the right condition. This means that if a user tries to access a web app from the corporate network, they will not be prompted, but if they try it from their favorite coffee shop, then they will be prompted for their username and password. This condition is based on location. Conditional access allows Azure AD to determine when to enforce MFA or not. 

Enabling MFA by changing the user state is a traditional method of enabling two-step verification. It allows you to go to the MFA site and configure each account and enable MFA. Once MFA's enabled by user state, it will always require the two-step verification. In the upcoming videos, we will cover all the configuration options around user accounts.

About the Author

Students284
Courses2

With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.

When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.