Azure Active Directory Labs Series – Multi-Factor Authentication
Back in June I had the pleasure of delivering a training on Azure Active Directory to two customer crowds. I say pleasure because not only do I love to share knowledge but also, the preparation of the training forces me to go deep on some aspects of what I’m going to teach.
In that training there were 8 labs and I thought it would be great to share them to the more general public. The labs follow each other and build on each other.
You can find the exhaustive list on the Cloud Identity & Azure Active Directory page. This is the eighth and last lab.
In the current lab we configure AAD to provide multi-factor authentication.
Create MFA provider
- Go to the legacy portal @ https://manage.windowsazure.com
- Scroll down the left menu to the bottom and select Active Directory
- You should see the following screen
- Select Multi-Factor Auth Providers
- Select Create a new multi-factor authentication provider
- Fill in the form
  - Name: DemoProvider
  - Usage Model: Leave it as it is for the demo
  - Subscription: Select the subscription you are using
  - Directory: Select the directory you have created in a previous lab
- Click Create button
- You should see the following screen
- In the screen bottom, click Manage
- This will open a new web page
- Click the Configure link (next to the gear icon)
- Here you could set up different policies on the MFA of your users
- On the left-hand menu, select Caching
- Here you could define different caches to streamline the authentication process, i.e. skipping the MFA prompt for a time duration once the user has authenticated using MFA
- On the left-hand menu, select Voice Messages
- Here you could configure personalized voice messages
- Close the browser page
Enable users for MFA
- Go to the legacy portal @ https://manage.windowsazure.com
- Scroll down the left menu to the bottom and select Active Directory
- You should see the following screen
- Select a tenant you created for this lab & enter it
- Select the Users menu
- At the screen bottom, click the Manage Multi-Factor Auth button
- This will open a new web page
- Select the first user, i.e. Alan Scott
- In the right column, click the enable link
- In the dialog box, click the Enable multi-factor auth button
- Select the Service Settings tab at the top
- Scroll down to the verification options
- Select only text message to phone
- Click the Save button
- Close the web page
- Back to the user list in the portal, select the first user (the one we just enabled) and enter it
- Select the Work Info tab
- Under Contact Info & Mobile Phone, select Canada (+1) as region
- Enter your own mobile phone number
- Click the Save button
Test MFA
- Open an InPrivate web browser window
- Navigate to https://portal.azure.com
- Enter credentials
- You will be prompted to set up MFA, click the Set it up now button
- You should see the following screen (with your mobile phone instead of the orange rectangle)
- Click the Contact Me button
- You should receive a text message on your mobile phone with a 6-digit number
- Enter that number in the web page
- Click the Verify button
- It should tell you the verification was successful
- Click the Done button
- You should proceed to the portal as an authenticated user
Post Lab
You can go back to the admin portal for MFA and try different configurations.
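To check from the command line what the lab configured in the portal, the following added example (not part of the original lab) reports each user's per-user MFA state and default verification method. It assumes the MSOnline PowerShell module, which the lab does not mention; the function name `Get-MfaReport`, the `NeedsFollowUp` column and the sample users are constructed for illustration.

```powershell
# Added example: report per-user MFA state from MSOnline user objects.
function Get-MfaReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object]$User
    )
    process {
        # No StrongAuthenticationRequirements entry means per-user MFA is disabled.
        $req = @($User.StrongAuthenticationRequirements) |
            Where-Object { $_ } | Select-Object -First 1
        $state = if ($req) { $req.State } else { 'Disabled' }

        # The default method is the one used at sign-in. None registered means
        # the user has not yet gone through the "Set it up now" prompt.
        $def = @($User.StrongAuthenticationMethods) |
            Where-Object { $_ -and $_.IsDefault } | Select-Object -First 1
        $method = if ($def) { $def.MethodType } else { 'NotRegistered' }

        [pscustomobject]@{
            UserPrincipalName = $User.UserPrincipalName
            MfaState          = $state      # Disabled, Enabled or Enforced
            DefaultMethod     = $method     # OneWaySMS = text message to phone
            NeedsFollowUp     = ($state -eq 'Disabled') -or ($method -eq 'NotRegistered')
        }
    }
}

# Constructed sample objects shaped like Get-MsolUser output, so this runs offline.
$sample = @(
    [pscustomobject]@{
        UserPrincipalName                = 'alan.scott@example.onmicrosoft.com'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enforced' })
        StrongAuthenticationMethods      = @([pscustomobject]@{ MethodType = 'OneWaySMS'; IsDefault = $true })
    },
    [pscustomobject]@{   # enabled by the admin, user has not registered yet
        UserPrincipalName                = 'user.two@example.onmicrosoft.com'
        StrongAuthenticationRequirements = @([pscustomobject]@{ State = 'Enabled' })
        StrongAuthenticationMethods      = @()
    },
    [pscustomobject]@{   # never enabled for MFA
        UserPrincipalName                = 'user.three@example.onmicrosoft.com'
        StrongAuthenticationRequirements = @()
        StrongAuthenticationMethods      = @()
    }
)
$sample | Get-MfaReport | Format-Table -AutoSize

# Against a real tenant (MSOnline module installed, admin sign-in):
#   Connect-MsolService
#   Get-MsolUser -All | Get-MfaReport | Format-Table -AutoSize
```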