Cloud Security – Azure Active Directory authentication – Configuring Multi Factor Authentication (MFA) – Part 3

Hi All,

LIFE IS BEAUTIFUL 🙂 I hope we all are safe 🙂 STAY SAFE, STAY HEALTHY 🙂 STAY HOME 🙂

In the last couple of articles we have been discussing cloud security – Azure AD and authentication.

We also discussed that, for security reasons, many accounts in organizations are enabled for Azure Multi-Factor Authentication (MFA), which includes additional verification methods such as phone call, security question and so on.

Best practice is to have multiple verification methods for all users.

In this article we will discuss what MFA is and how to configure it.

Takeaway from this article:

  • You will understand what Multi-Factor Authentication is
  • Why Multi-Factor Authentication is necessary
  • How to enable Multi-Factor Authentication for the users
  • How to configure the “Microsoft Authenticator App” for verification

What is MFA?

Microsoft defines it: “Multi-factor authentication is a process where a user is prompted during the sign-in process for an additional form of identification, such as to enter a code on their cellphone or to provide a fingerprint scan.”

In one of our Azure articles, “Cloud Security – Azure Active Directory authentication – self-service password reset – Part 2”, we also discussed self-service password reset, which also needs Azure MFA.

MFA provides additional security by requiring a second form of authentication. The following verification options are available for Azure MFA:

  • Microsoft Authenticator app
  • OATH Hardware token
  • SMS
  • Voice call

Here, the administrator can define which option should be used for secondary authentication.

Basic multi-factor authentication features are available to Microsoft 365 and Azure Active Directory (Azure AD) administrators at no extra cost.

Why Multi-Factor Authentication:

  • Multi-Factor Authentication provides an additional layer of security using a second form of authentication
  • Multi-Factor Authentication secures the user accounts in our organization

Enabling the Multi-Factor Authentication:

Fig1 : M365 Admin Portal
  • Please click on the “Azure Active Directory” admin center. The link is available under “Admin centers” as shown in Fig1 above
  • We will be redirected to the Azure Active Directory admin center as shown in Fig2 below
Fig2 : M365 – Azure Active Directory admin center
  • Click on “Users” in the left pane as shown in Fig2 above
  • We will be redirected to the Users dashboard as shown in Fig3 below
Fig3 : M365 – Azure Active Directory admin center – Users Dashboard – Multi-Factor Authentication
  • The Users dashboard lists all the users by default as shown in Fig3 above
  • There are various settings options also available at the top, like “+ New user”, “+ New guest user” … and “Multi-Factor Authentication” on the right side. This is the option used to enable / disable Multi-Factor Authentication
  • Click on the link “Multi-Factor Authentication” as selected in Fig3 above
  • We will be redirected to the “multi-factor authentication” users service settings page as shown in Fig4 below
Fig4 : M365 – Azure Active Directory admin center – Users dashboard – multi-factor authentication users service settings page
  • As in Fig4 above, we will see various filtering options for the users, like “View” or “Multi-Factor Auth status”
  • With these options we can filter the users
  • Once we have selected the users, two links get enabled under “quick steps” as shown in Fig5 below
  • The first link is to enable / disable Multi-Factor Authentication for the selected users, based on their “Multi-Factor Auth status”
Fig5 : M365 – Azure Active Directory admin center – Users dashboard – multi-factor authentication users service settings page >> Selecting the users.
  • So here we will enable Multi-Factor Authentication for the following two users by clicking on the link “Enable” under “quick steps” on the right-hand side
    • prasham@knoweldgejunction1.onmicrosoft.com
    • prasham1@knoweldgejunction1.onmicrosoft.com
  • We will get a dialog “About enabling multi-factor auth” as shown in Fig6 below
Fig6 : M365 – Azure Active Directory admin center – Users dashboard – multi-factor authentication users service settings page >> About enabling multi-factor auth for the selected users.
  • When we click on the “enable multi-factor auth” button at the bottom and multi-factor authentication is enabled successfully, we get the “Updates successful” dialog as shown in Fig7 below.
Fig7 : M365 – Azure Active Directory admin center – Users dashboard – multi-factor authentication users service settings page >> “Updates successful” dialog appears after successfully enabling the multi-factor authentication for the selected users
  • The next time the user logs in and successfully enters the user name and password, the “More information required” dialog appears for the second verification method, as shown in Fig8 below
Fig8 : M365 – Azure Active Directory admin center – “More information required” dialog when the user logs in for the first time after enabling Multi-Factor Authentication
Fig9 : M365 – Azure Active Directory admin center – “Additional security verification” page – https://account.activedirectory.windowsazure.com/proofup.aspx?culture=en
  • Here I have selected the second option, “Mobile app”, and the “Use verification code” option, as shown in Fig10 below
Fig10 : M365 – Azure Active Directory admin center – “Additional security verification” page – https://account.activedirectory.windowsazure.com/proofup.aspx?culture=en >> selecting “Mobile App” and “Use verification code” option
  • To use the “Mobile App” option we need to download the “Microsoft authenticator app” as shown in Fig11 below
Fig11 : Installing “Microsoft authenticator app” from Play Store on Android mobile
  • Once the “Microsoft authenticator app” is successfully installed, click on the “Set up” button as shown in Fig10
  • We will get the “Configure mobile app” dialog, either to scan the image or to enter the code, as shown in Fig12 below
  • Click on the “Next” button
Fig12 : M365 – Azure Active Directory admin center – “Configure mobile app” dialog to scan the image given or for verification code
  • Once the mobile app is successfully configured, we get the success method as shown in Fig13 below
Fig13 : M365 – Azure Active Directory admin center – “Additional security verification” page showing the success method
  • Next we need to enter the verification code which appears in the “Microsoft Authenticator App” on our mobile, as shown in Fig14 below
Fig14 : M365 – Azure Active Directory admin center – “Additional security verification” page step 2 for entering the verification code from the mobile app
  • Click on the “Verify” button as shown in Fig14 above once we have entered the verification code
  • If it's successful, Step 3 will appear, just to enter the mobile number, as shown in Fig15 below
Fig15 : M365 – Azure Active Directory admin center – “Additional security verification” page step 3 for entering the mobile number
  • Once all the setup is done, after login a prompt will appear for the verification code which appears in the “Mobile Authenticator App” on our mobile, as shown in Fig15_1 below
Fig15_1 : M365 – Azure Active Directory admin center – dialog for entering verification code
  • If the code verifies, we can successfully log in to our portal 🙂

What next: a discussion about Conditional Access. We will explore MFA with Conditional Access.

We have a very good series on Azure, with lots of discussion on Azure; please visit – https://knowledge-junction.com/?s=azure

Thanks for reading 🙂 If it's worth at least reading once, kindly please like and share. SHARING IS CARING 🙂
