Cloud Security – Azure Active Directory authentication – Configuring Multi Factor Authentication (MFA) – Part 3
LIFE IS BEAUTIFUL 🙂 I hope we all are safe:) STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂
Over the last couple of articles we have been discussing cloud security: Azure AD and authentication.
- Cloud Security- Introduction to Azure Security and Azure Security Center
- Cloud Security – Azure Active Directory authentication – Part 1
We also discussed that, for security reasons, many accounts in organizations are enabled for Azure Multi-Factor Authentication (MFA), which adds further verification methods such as a phone call, a security question and so on.
Best practice is to have multiple verification methods for all users.
In this article we will discuss what MFA is and how to configure it.
Takeaway from this article:
- You will understand what Multi-Factor Authentication is
- Why Multi-Factor Authentication is necessary
- How to enable Multi-Factor Authentication for users
- How to configure the “Microsoft Authenticator App” for verification
What is MFA?
Microsoft defines it as: “Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.”
In one of our earlier Azure articles, “Cloud Security – Azure Active Directory authentication – self-service password reset – Part 2”, we discussed self-service password reset, which also needs Azure MFA.
MFA provides additional security by requiring a second form of authentication. The following verification options are available for Azure MFA:
- Microsoft Authenticator app
- OATH Hardware token
- Voice call
Here, the administrator can define which option should be used for secondary authentication.
Basic multi-factor authentication features are available to Microsoft 365 and Azure Active Directory (Azure AD) administrators for no extra cost.
Why Multi-Factor Authentication:
- Multi-Factor Authentication provides an additional layer of security by using a second form of authentication
- Multi-Factor Authentication secures the user accounts in our organization
Enabling the Multi-Factor Authentication:
- Log in to the M365 Admin portal – https://admin.microsoft.com
- Click the “Azure Active Directory” admin center link, available under “Admin centers” as shown in Fig1 above
- We will be redirected to the Azure Active Directory admin center as shown in Fig2 below
- Click on “Users” in the left pane as shown in Fig2 above
- We will be redirected to the Users dashboard as shown in Fig3 below
- The Users dashboard lists all the users by default, as shown in Fig3 above
- Various settings options are also available at the top, like “+ New user”, “+ New guest user” … and “Multi-Factor Authentication” at the right side. This is the option used to enable / disable Multi-Factor Authentication
- Click on the link “Multi-Factor Authentication” as selected in Fig3 above
- We will be redirected to the “multi-factor authentication” users / service settings page as shown in Fig4 below
- As in Fig4 above, we will see various filtering options for the users, like “View” or “Multi-Factor Auth status”
- With these options we can filter the users
- Once we have selected the users, two links are enabled under “quick steps” as shown in Fig5 below
- The first link enables / disables Multi-Factor Authentication for the selected users, based on their “Multi-Factor Auth status”
- Here we will enable Multi-Factor Authentication for the two selected users by clicking on the “Enable” link under “quick steps” on the right-hand side
- We will get the dialog “About enabling multi-factor auth” as shown in Fig6 below
- On the “About enabling multi-factor auth” dialog there are two links available
- Deployment guide – https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-getstarted
- Link for users to register for multi-factor auth – https://aka.ms/MFASetup
- When we click the “enable multi-factor auth” button at the bottom and Multi-Factor Authentication is enabled successfully, we get the “Updates successful” dialog as shown in Fig7 below
- The next time the user logs in and successfully enters their user name and password, the “More information required” dialog appears for the second verification method, as shown in Fig8 below
- Just click on the “Next” button as shown in Fig8 above
- We will be redirected to the “Additional security verification” page – https://account.activedirectory.windowsazure.com/proofup.aspx?culture=en as shown in Fig9 below
- Here I have selected the second option, “Mobile app”, and the “use verification code” option as shown in Fig10 below
- To use the “Mobile app” option we need to download the “Microsoft Authenticator app” as shown in Fig11 below
- Once the “Microsoft Authenticator app” is successfully installed, click on the “Set up” button as shown in Fig10
- We will get the “Configure mobile app” dialog, where we either scan the image or enter the code, as shown in Fig12 below
- Click on the “Next” button
- Once the mobile app is successfully configured we get the success message as shown in Fig13 below
- Next we need to enter the verification code which appears in the “Microsoft Authenticator App” on our mobile, as shown in Fig14 below
- Once we have entered the verification code, click on the “Verify” button as shown in Fig14 above
- If it's successful, Step 3 will appear, which just asks for a mobile number, as shown in Fig15 below
- Once all the setup is done, after logging in a prompt will appear for the verification code which appears in the “Microsoft Authenticator App” on our mobile, as shown in Fig15_1 below
- If the code verifies then we are successfully logged in to our portal 🙂
What next: a discussion about Conditional Access. We will explore MFA with Conditional Access.
We have a very good series on Azure with lots of discussion; please visit – https://knowledge-junction.com/?s=azure
Thanks for reading 🙂 If it's worth reading at least once, kindly like and share. SHARING IS CARING 🙂