Microsoft has released Multi Factor Authentication (MFA) for Azure, Office 365 and Intune. In this blog post we will take a look at how to enable and configure Multi Factor Authentication in the Azure / O365 Portal. In other blog posts we will extend the MFA to on premise applications and services.
Part 1: Enable Multifactor Authentication on Azure domain
Part 2: Configure your user to use Multifactor Authentication.
First we log on to the Azure Portal and go to Active Directory. From there you select your domain where you want to enable MFA.
Select the user you want to enable for MFA and click enable :
When you only want to enable MFA for login into Azure / Office 365 / Intune you are finished at this step. Now log off and try to login as a admin user enabled for MFA. In my example I am going to login to Office 365 portal:
After successful authentication it prompts to configure second authentication:
I want to use the app, but it is also possible to use phone or sms authentication. To download the app from different stores:
Apple: https://itunes.apple.com/kn/app/multi-factor-authentication/id475844606?mt=8
Windows Store: http://www.windowsphone.com/nl-nl/store/app/multi-factor-auth/0a9691de-c0a1-44ee-ab96-6807f8322bd1
Google Play: https://play.google.com/store/apps/details?id=com.phonefactor.phonefactor&hl=en
Scan the code or enter the url and code what is showing in the screen
Then it will ask you to verify the app
It will give a message when authentication is successful
The next step is to add an backup phone number:
The last step is to configure app passwords. As I only enabled it for the administrators and admin purposes I am not going to configure it
And we are signed in.
The next time I log in I wil get an app to verify my login request.
If you want to configure and enable extended MFA Authentication to on premise or other SAAS application you need to confgure Windows Azure Multi Factor Authentication. To do so go back to Active Directory on Azure Portal and select Multi-Factor Auth-Providers and Choose create a new mfa provider:
Specify a name and select usage model you want and the the directory to use if you have multiple:
And it is created:
In the next blog posts I will go trough how to configure On Premise MFA.