Azure Practice Series 4: Enable and configure free MFA

In the previous series of practice we have configured our cloud Azure AD , we can add the cloud server to the domain, you can also add users to the cloud Azure AD , that now has a move for the first cloud For the first era, the cloud Azure AD and the traditional AD compared to what advantage? First, the cloud Azure AD easy to use, followed by us do not need to maintain the domain controller, we do not need to put the appropriate hardware, all the management only need a browser, with the mouse and keyboard. It is only the advantage of this, of course not, cloud Azure AD also provides free unlimited number of times without any fees charged multiple authentication services MFA .

Before we start this practice, let’s look at what is a dual authentication service, and double authentication is an authentication method that requires multiple authentication methods to provide an additional level of security for user logins and transactions. It works by requiring two or more of the following verification methods:
Some things the user knows (usually a password)
The user has something (can not easily copy the trusted device, such as the phone)
The user’s own characteristics (biometric identification system)

Azure Multiple Authentication (MFA) is Microsoft’s dual authentication solution. Azure MFA helps protect access to data and applications while meeting the needs of users for simple sign-in. It provides strong authentication through a series of authentication methods (including phone calls, SMS or mobile application authentication). (When using Azure multiple authentication, the organization does not charge for each phone call or send text that is sent to your end user.)

After reading the description is not that Azure multiple authentication service is very useful, we can serve as the user credentials escort role, the most important thing is completely free, and even telephone charges will not be charged, then worthy of Azure ten One of the great benefits.

Well, let’s see how to enable this feature for our Azure AD users. First log in to our Azure Classic Portal and find the Azure AD we created.

Azure AD currently has only one user, we add a new user.

Specify our user type as a new user, and then fill in our username.

And then in the user profile page, configure the corresponding user information, check the following ” Enable multiple authentication ” , above a warning message appears, suggesting that we have been configured for this user multiple authentication.

After the completion of our success has been configured to enable a multi-authentication users, is not very simple.

Next, we can jump to the specialized MFA management interface by ” Managing MFA” below the User tab .

In the MFA management page, we can see all the users, and can set the user to set the MFA , you can see whether the current selected user is enabled MFA , on the right can see the status of MFA , if it is enabled, We can click Disable to close the MFA , and if it is not enabled, this can be done by clicking Enable to quickly enable MFA for the user .

Click the service settings at the top of the MFA page to jump to the MFA service configuration page.

In the MFA Service Settings page, we can choose whether to allow users to create application passwords to log in using non-browsers. You can also configure the authentication method, the authentication method is generally combined with our mobile phone, such as call our phone, send text messages, through MFA App notification verification , verification code verification.

When you are finished, click Save to enable MFA for Azure AD . Again, despite the powerful Azure MFA , it provides a very high level of security for our user authentication, which protects enterprise data and user identities, combining Azure AD with third-party application development , and other Azure Service, is a very good PaaS service. Currently MFA not to users or Azure charge any fees account owner, and interested friends can try.

Leave a Reply

Your email address will not be published. Required fields are marked *