Enabling Multi-Factor Authentication (MFA) in Azure AD


MFA is where users are prompted /required to authenticate with additional verification using additional form of identity verification.

MFA is a way to secure your apps and data by requiring users to use another form of verification. Also, MFA gives additional security by introducing an additional form for verification and provide strong authentication by a range of simple-to-use validation methods.

Approach/Steps

We can enable MFA using Conditional Access Polices in Azure-AD.

Following is the given screenshot Navigation to Enable MFA in Azure-AD.

Step 1: First click on Active user directories as shown in the following screenshots.

Step 2: Then Click on Security as given in the following screenshot.

Step 3: The next step is to click on “Conditional Access”.

Step 4 : Then under Polices select + New Policy —->Select Create New Policy .

Step 5: Then Provide Policy Name. Here given Policy name is MFADemoPolicy.

Step 6: This step involves clicking on the “ User or Workload Identities” as given in following screenshots ——> Then Select policy applies to User and groups ——->Then tick mark the checkbox with User and groups as given in the following screenshot.Once you tick mark the checkbox with User and groups then users will appear in right pane of window to select the user. Here we click on the User Dilip Singh (I have given my name as an example)

Step 8: Navigate on grant and click on same controls as given in the following screenshot.

Step 9 : Navigate to right pane of window —–> select grant access then tick mark checkbox “Required Multi-factor authentication”.

  • Also, as shown in the following screenshot, for multiple control select “Required the selected controls” then click on select.

Step 10 : In this step, you need to select Grant 1 control. Under Enable Policy select report only and click on Create

Step 11: Now MFADemoPolicy has been Created .

Test Multi-Factor Authentication (MFA):

Step 12: Open a fresh browser window in an Incognito mode and browse go to https://portal.azure.com.

Step 13: Sign in with your username to user account.

Step 14: Now prompted here required to register for and use Azure AD Multi-Factor Authentication

Step 15: Select ‘Next’ to begin the process.

You can do authentication by using a phone or mobile app . Authenticate from phone supports text msg also phone calls, and where mobile app supports using only a mobile app to receive notifications to get authentication or to get authentication codes.

Step 16 : Validate/complete all the instructions on the phone/mobile app screen to configure the multi-factor authentication you have selected.

Step 17: Close browser and log in back to the browser again at https://portal.azure.com to verify the authentication method that was configured. In the following example, if we configure a mobile app for authentication, you will see a prompt like the following one.

Conclusion:

  • MFA providing access based on Multiple factors and reduce risk to compromise password also MFA provides extra layer of security from outside attack that cost company millions .
  • MFA reduces risk of account hacking and granting an extra security layer .

Learn about Rackspace Managed Azure Cloud Services.

Learn about Rackspace Managed Relational Databases.

Use the Feedback tab to make any comments or ask questions. You can also start a conversation with us.

post avatar
Dilip Singh

Share this information: