Tag Archives: Azure Multi-Factor Authentication

#Azure AD : All about Azure Active Directory


IT has moved from Datacenter Era to the Cloud Era. Focus of the organizations have been changed from one specific set of vendors to the open world of technology. Since Datacenter came in inception, Identity has played a vital role and always been used to treat as a backbone of IT. Now in the new era of multi-cloud environment, Identity is playing a centric role that itself is a new beginning of Identity that has been extended from IT backbone to user-experience oriented.

Microsoft had played a key role in datacenter era by Windows Server Active Directory and now again playing a crucial role in multi-cloud environment by offering Azure Active Directory. Microsoft Azure Active Directory in not only a directory service but it is a complete cloud service that can fulfill all your identity and authorization needs. However, you may find there are couple of things related to identity that can’t be fulfilled by native AAD features but it is continuously evolving.

In this era, organizations don’t need SME for everything but they need design SME who has board understanding of complete end-to end solution stack starting from infrastructure technologies to application technologies.

I have written a series of blog posts on Microsoft Azure AD and these posts mainly focus on how to do it or you can say step-by-step guides backed by real-time scenarios.

Microsoft Azure Active Directory

Azure AD Connect

SSO to SaaS

Application Proxy

Multi-factor Authentication

Self-service Password Management

Self-service group management

Access Panel/My Apps

Dynamic groups membership

Pricing, Licensing and Support

Conditional Access

Custom domain names

Company branding

Cloud App Discovery

Group-based licensing

Identity Protection Part I

Identity Protection Part II

Identity Protection Part III

Privileged Identity Management Part I

Privileged Identity Management Part II

Privileged Identity Management Part III

Azure Active Directory Domain Services Part I

Azure Active Directory Domain Services Part II

Azure Active Directory Domain Services Part III

Azure Active Directory Domain Services Part IV

Device Management – Azure AD Registering

Device Management – Azure AD Join

B2B Collaboration

B2B Licensing

B2C

Error – SSPR_0029: We are unable to reset your password due to an error in your on-premises configuration.

Above series of blog posts have covered most of the areas of Azure Active Directory. You can bookmark this blog post for any Azure AD need, I’ll try my level best to add new Azure AD related posts in this series.

Advertisements

#AzureAD : Multi-factor Authentication


Multi-factor authentication mostly refers to two-factor authentication that provides enhanced security to user sign-ins and transactions. There are many solutions available in the market and Azure MFA is one of them. Azure MFA is a cloud access control service offering, and quite simple to use and configure. However, MFA for Office 365 and Azure AD admins available at no extra cost but Azure Multi-Factor authentication full version license can be configured through Azure Active Directory Premium or Enterprise Mobility + Security.

With the third-party partnership offerings, Microsoft makes this service a real multi factor authentication by adding one more layer of authentication mechanism. Therefore, now you can call it three-factor authentication. Third-party MFA partners are:

 

 

Azure MFA native verification process can be achieved by three options.

  1. Authentication Phone
  2. Office Phone
  3. Mobile App

Let’s see how to set it up:

Login to the Azure Portal and go to the Azure Active Directory.

Go to the Users and groups, and go to the All users.

Click on Multi-Factor Authentication.

MFA console will open in new tab.

Select a user and click on Enable.

Click on enable multi-factor auth.

Once, updated successfully. Click on Close. Now, MFA has been enabled successfully for the selected user.

Once as an administrator, you have enabled any user for MFA then user has to follow the following steps to complete the process.

Now, user should go to the browser try to login to the Azure services. In my scenario, I am trying to login to the https://myapps.microsoft.com

Once user has entered his/her credential, he/she will be redirected to the new page to setup his/her MFA. Click on set it up now.

Now, user can see; there are three options available for additional security verification.

Option 1: Authentication phone

Option 2 : Office phone

Option 3 : Mobile app

In my scenario, I have selected option 1 with “call me” method. Enter required details and click on Next

Now, user will receive a call for verification.

Once, verification will be completed successfully then user will be redirected to step 3. Read the information and click on Done.

Next time, whenever user will try to login; he/she will receive a phone call for verification.

Hope, this blog post helped you to understand Microsoft Azure MFA. However, you can try different verification methods and post your queries in comment section.