Azure Multi-Factor Authentication

• Something you know (typically a password)
• Something you have (a trusted device that is not easily duplicated, like a phone)
• Something you are (biometrics)

Azure Multi-Factor Authentication is the multi-factor authentication service that requires users to also verify sign-ins using a mobile app, phone call or text message. Also, it is available to use with Azure Active Directory, to secure on-premise resources with the Azure Multi-Factor Authentication Server, and with custom applications and directories using the SDK.

What are the advantages of Azure Multi-Factor Authentication?

If added security for your data and applications - without added hassle for users.

• Safeguard access with mobile app, phone call, SMS
• Deploy on-premises or in the cloud
• Reduce risk, meet compliance requirements
• Protects Office 365, Salesforce, DropBox and other SaaS apps
• Works with VPN, Microsoft IIS, RADIUS, LDAP
• Real-time fraud monitoring and alerts

How to Enable Multi-Factor Authentication in Azure?

Create Multi-Factor Authentication provider

1. In Microsoft Azure, navigate to ACTIVE DIRECTORY.
2. Click MULTI-FACTOR AUTH PROVIDERS, and then click CREATE A NEW MULTI-FACTOR AUTHENTICATION PROVIDER. In NAME, type Contoso-MFA, select the usage model. In our case we selected “Per Enabled User”, selected the Contoso-Directory that we had already created and synced with us on premise AD, and then click CREATE.

Enable Users in my Directory to use MFA

If you create a new users in your directory all you will need is to do is select the “Enable Multi-Factor Authentication” check box.

1. For existing users, you will need to activate the MFA. To do that, navigate to your directory in Azure and select the “Manage Multi Factor Auth” in the action bar at the bottom.
2. Once the Manage Multi Factor Authentication page as loaded, you can select all the users you want to enable MFA for, click Enable and click Bulk update to start the process.
3. It will ask you to confirm and it will provide links to more info about the deployment. click “enable multi-factor Auth”
4. Click ‘Close” to complete.

Configure the users MFA settings

Now that our users in our directory has been configured.  Now each users that were enabled will need to configure their MFA settings on the next logon.

1. Logged on to Azure using the “BenSmith@Contosolab01.onmicrosoft.com” address and authenticated using the password that was already setup.
2. Automatically, the system will prompt the user if the MFA setup is needed.
3. As part of the setup Ben needed to enter a phone number that the system will call to validate the login for this user.
4. By clicking “verify now”, the system will call your phone and ask for you to verify the connection.
5. After click Next to continue.
6. At this point we will keep the MFA setup pretty simple. We will look at multiple options in the upcoming weeks.
7. Once this is completed. You will receive a phone call every time you logon to this account to validate that is you.