Configure Multi-Factor Authentication
The course is part of these learning pathsSee 1 more
Multi-factor authentication or MFA is no longer optional, and it is paramount that you protect not only your privileged accounts but enable it for all accounts. Azure Active Directory offers the ability to secure your identities with an additional authentication method. Verification of your identity can be done via an automated voice call, text message, through the Microsoft Authenticator app, or with a verification code.
Azure multi-factor authentication can be enforced using different methods. We will configure the user settings to give the ability to a user to report fraudulent attempts on their accounts. We will also review how an administrator can provide a one-time bypass code and whitelist trusted locations to bypass the two-step verification. Lastly, you will see how to configure Azure Active Directory conditional access to enforce MFA on cloud-based applications.
- Identify the different methods of enabling two-step verification
- Configure multi-factor authentication for users
- Configure settings for MFA
- Implement Azure Active Directory conditional access for MFA
- People who want to become Azure administrators
- People preparing for Microsoft’s AZ-303 exam
- General knowledge of Azure Active Directory
Related Training Content
To see more Microsoft Azurecontent, visit our Azure Training Library.
Azure Multi-Factor Authentication helps protect access to your data and applications, all the while keeping it easy for users. It provides additional security by requiring a second form of authentication and deliver strong authentication via a range of easy-to-use authentication methods. Those authentication methods can be called to the phone. This will automatically call the registered phone number with MFA. The user will need to answer and select a pound key to verify, or SMS message to the phone.
This will send a text message to the user containing the verification code. The user will then need to answer the code at the sign in interface, or notification through the authenticator app. This will send a push notification to the Microsoft Authenticator app on the user's mobile phone. The user can accept the push notification to verify. And lastly, a verification code from a mobile app or hardware token. This will prompt the user to enter a verification pin. The user will need to launch the Microsoft authenticator app and enter the pin that is presented to them. The pin expires after 30 seconds and a new one will be generated. Within Azure Multi-Factor Authentication many options can be configured by the administrator to better customize the user experience.
The organization can determine what authentication method we mentioned earlier to allow. If for example, SMS messages are considered a security risk, then this option can be turned off. Fraud alerts can be configured so that the users can report fraudulent attempts if they receive a two-step verification request that they didn't initiate. A one-time bypass code can be used to sidestep the two-step verification for a limited time. An example of this would be if an employee lost her phone. Lastly, we will look at trusted IP's for managed and federated tenants to bypass the two-step verification when they're in a trusted location such as company officials.
With over 15 years of experience in the IT industry, Eric Leonard is a Microsoft Azure MVP and a Cloud Solution Architect. Eric’s experience working with Microsoft technologies, with a strong emphasis on cloud and automation solutions, enables his clients to succeed in today’s technological environment. Eric has worked for clients in a variety of different industries including large and small enterprises, the public sector, professional services, education, and communications.
When he is not working, Eric believes in sharing his knowledge and giving back to the IT community. He is the co-organizer of the Ottawa IT community meetup, which has over 1,000 members, and he enjoys presenting and mentoring in the community.