Establishing Multi-Factor Authentication In Azure Active Directory

Multi-factor authentication, or two-step verification, is a method of authentication that requires more than one verification method and adds a critical second layer of security to user sign-ins and transactions.
 
It works by requiring any two or more of the following methods:
  • Something you know: (usually your password)
  • Something you have: (a trusted device that is not easily duplicated, like a phone)
  • Something you are: (biometrics)
Azure Multi-Factor Authentication is Microsoft's two-step verification solution.
 
Azure MFA helps safeguard access to data and applications while meeting user demand for a simple sign-in process.
 
It delivers strong authentication via a range of verification methods, including phone calls, text messages or mobile app verification.

Why Azure MFA? 

  • Today, more than ever, people are increasingly connected. With smartphones, tablets, laptops, and PCs, people have multiple options to access their accounts and applications from anywhere and stay connected at any time.
  • Azure MFA is an easy-to-use, scalable, and reliable solution that provides a second method of authentication to protect your users.

Easy To Use

  • It is simple to set up and use.
  • The extra protection that comes with Azure MFA allows users to manage their own devices.
  • Best of all, in many instances, it can be set up with just a few simple clicks.

Scalable

  • It uses the power of the cloud and integrates with your on-premises AD and custom apps.
  • This protection is even extended to your high-volume, mission-critical scenarios.

Always Protected

  • Azure MFA provides strong authentication using the highest industry standards.

Reliable

  • Microsoft guarantees 99.9% availability of Azure MFA.
  • The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.

Step-by-Step Demo

Navigate to the Azure Active Directory from your Azure dashboard.
 
Next, click on Users.
 
It will show the list of all users. On top, you will see Multi-Factor Authentication. Click on that and it will open up a new window in the browser.
 
From the list that shows up, click on a user and enable the multi-factor authentication. Currently, the status shows as disabled.
 
After enabling it, you can see that the status has changed to Enabled.
 
Back in the portal, go to the users' list and click on "Reset password". Now, we are going to see what the user will experience while signing in.
 
It will open up this blade. Click on Reset Password.
 
It will reset the password and generate a temporary password. Copy it and keep it for the next steps.
 
Now, we need to log in as that user with their newly generated password.
 
Log in to the portal from a new private/incognito window.
 
The user will be prompted with this screen. Click on 'Set it up now'.
 
You will then be prompted to choose an authentication method. Here I have chosen an authentication phone and chosen to receive a text message. Once you are done with this, click on next.
 
Once you receive the code, enter it and click on verify.
 
Next, the user will be given a generated password for existing applications. Click on Done.
 
You will be asked to change your password, since Azure knows that your admin has reset it. Create a new password and click on sign in.
 
The user will then be logged into their Azure account.
 
Back on the MFA page, you can see that the status now shows 'Enforced', meaning that the user has now changed the password. Next, click on service settings to explore some basic settings.
 
Here you will be able to change the general service settings.
 
This is how we can establish multi-factor authentication in Azure Active Directory.
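
The status column from the demo (Disabled, Enabled, Enforced) can also be read and set from PowerShell, which is useful for finding accounts that still have no second factor. The script below is an added example, not part of the original walkthrough. It assumes the legacy MSOnline module and an admin sign-in; the function names and the user@example.com address are hypothetical placeholders.

```powershell
# Added example: report and set the per-user MFA status shown on the MFA page.
# Assumption: the legacy MSOnline module is installed (Install-Module MSOnline)
# and the account used for Connect-MsolService is a directory administrator.

Import-Module MSOnline
Connect-MsolService   # interactive admin sign-in

function Get-MfaStateReport {
    # One row per user with the status the portal's MFA page displays.
    Get-MsolUser -All | ForEach-Object {
        $req = $_.StrongAuthenticationRequirements
        # An empty requirements list is what the portal shows as "Disabled".
        $state = if ($req -and $req.Count -gt 0) { $req[0].State } else { 'Disabled' }
        # The verification method the user registered as default (empty if none yet).
        $default = ($_.StrongAuthenticationMethods | Where-Object IsDefault).MethodType
        [pscustomobject]@{
            UserPrincipalName = $_.UserPrincipalName
            MfaState          = $state
            DefaultMethod     = $default
        }
    }
}

function Enable-UserMfa {
    # Same effect as clicking "Enable" for one user on the MFA page.
    param([Parameter(Mandatory)][string]$UserPrincipalName)
    $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $req.RelyingParty = '*'
    $req.State        = 'Enabled'
    Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationRequirements @($req)
}

$report = Get-MfaStateReport

# Summary: how many accounts are in each state.
$report | Group-Object MfaState | Select-Object Name, Count

# Accounts with no MFA requirement at all, the ones to follow up on first.
$report | Where-Object MfaState -eq 'Disabled' |
    Sort-Object UserPrincipalName |
    Format-Table UserPrincipalName, MfaState, DefaultMethod

# Enable MFA for a single account (placeholder UPN), then re-run the report.
# Enable-UserMfa -UserPrincipalName 'user@example.com'
```

A user switched to Enabled this way moves to Enforced after completing the registration steps shown in the demo.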