Configuring Multi-Factor Authentication
Start course
1h 1m

This course has been designed to teach you how to manage access and authentication in Azure Active Directory. 

The topics covered within this course include:

  • Managing Authentication
  • Implementing Multi-Factor Authentication
  • Configuring Application Access
  • Implementing Access for External Users of Microsoft 365 Workloads

Learning Objectives

  • To learn how to configure and monitor authentication
  • To learn how to administer MFA and report on its utilization
  • To learn how to configure application registration and use Azure AD Application Proxy
  • To learn how to use Azure Active Directory B2B to add and manage external users

Intended Audience

  • Those looking to learn more about access and authentication


To get the most from this course, you should at least be familiar with Azure AD and have a general understanding of its features.


In this lesson you will learn about different multi-factor authentication settings in the Azure Portal, and what purposes they serve. We'll cover various features so that you have an understanding of how to manage MFA via the Azure Portal. MFA settings are accessed in the Azure Portal by browsing to Azure Active Directory, and then to MFA. Under settings you'll find configuration options, such as account lockout, block and unblock users, and other key configuration options. You can configure the account lockout settings to temporarily lockout accounts in the MFA service if too many denied authentication attempts are detected, while the block/unblock settings can be used to manually prevent certain users on an on-prem MFA Server from receiving MFA requests. Other configuration options provide additional management features that can be used to configure and manage multi-factor authentication. On your screen you can see available configuration options and what they offer. For example, the fraud alert feature is used to configure settings that relate to user's ability to report fraudulent verification requests from an on-prem MFA server, while notifications enable event notifications from the MFA Server. OATH tokens is used to manage OATH tokens for users in cloud-based Azure MFA environments. The phone call settings are used to configure settings that manage phone calls and greetings for both cloud and on-prem environments. The providers feature displays any existing authentication providers that have been associated with an account. Under "Manage MFA Server" you'll find settings that apply to MFA Server only. For example, server settings allows you to download MFA Server and to generate activation credentials that you can use to initialize your environment. One-time bypass is used to allow certain users to temporarily authenticate without performing two-step verification. Caching rules are typically used when on-prem systems, like VPN, send several verification requests while the first request is still in progress. What Caching Rules does is allow the subsequent requests to succeed automatically, if the user succeeds the first verification. Server status allows you to view the status of on-prem MFA servers. It displays version, status, IP, and last communication time and date. The Activity Report is specific to on-prem MFA Server implementations. For reports on the Azure MFA cloud offering, you would use the sign-ins report in Azure AD instead.


LECTURES: Course Introduction - What is Authentication - Designing an Authentication Method - Configuring Multi-Factor Authentication - Accessing MFA Service Settings - Enable SSPR - Sign-in Activity Reports in the Azure Active Directory Portal - Using Sign-in Activity Reports in the Azure Active Directory Portal - Azure Active Directory Monitoring - Implement MFA - Manage User Settings with Azure Multi-Factor Authentication in the Cloud - Manage MFA for Users - Reports in Azure Multi-Factor Authentication - Configure Application Registration in Azure AD - How to Configure Application Registration in Azure AD - What is Azure AD Application Proxy - Configure Azure AD Application Proxy - Azure Active Directory B2B - Add Guest Users to Your Directory in the Azure Portal - Conclusion

About the Author
Learning Paths

Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.

In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.

In his spare time, Tom enjoys camping, fishing, and playing poker.