Today I’m going to explain a bit about the two-factor authentication mechanism, and then I will show you how to implement it on Azure Directory.
Let’s start by explaining authentication factors. There are 3 kinds:
Knowledge factor (something the user knows) – for example: username + password
Possession/ownership factor (something the user has) – for example: token
Inherence factor (something the user is or does) – for example: fingerprint
If you combine 2 factors together, you get two-factor authentication.
Got it? Good 🙂, now let’s implement it on Azure:
1. Log in to the management portal.
2. Go to the Active Directory tab.
3. Click on your Directory (if you don’t have one, create one) and then on Manage Multi-Factor Auth.
4. The multi-factor authentication page will pop up. Choose the user for whom you wish to enable two-factor authentication (you can see that the Multi-Factor Auth Status is Disabled).
5. Check the username and press Enable, and this screen will pop up:
6. Press Enable multi-factor auth, and then you will see that the Two Factor Auth. Status changed to Enabled:
7. In order to test it, log out and try to log in to Azure again.
8. You will first have to enter your username and password, and then Azure will tell you that you need to set up additional security verification. Press Set it up now:
9. I chose Mobile Phone for this scenario, so enter your phone number and check the way you prefer to authenticate (phone number/SMS):
10. Hit Next and click on Verify:
11. You will get a phone call/SMS with a 6-digit code. Enter it in the box and hit Verify:
And after that you will get this message:
12. Hit the Next button and you will get to step number 3. You will see that two-factor auth will work only in browsers, and if you wish to enable it for apps such as Lync, you have to set a special password for them. Because this article is about Azure I will skip it for now, so just press “I don’t use this account with these apps”:
13. Then the browser will redirect you to the login page and you will get an SMS/phone call which will give you a 6-digit code again, and you will have to enter it in order to log in:
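Steps 11 and 13 both depend on a 6-digit code that is sent to the phone and checked on the server. The sketch below is an added example, not Azure's implementation or code from this article, showing the checks a verifier of that kind should make; the class name, the 180-second lifetime and the 3-attempt limit are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

CODE_TTL_SECONDS = 180   # assumed lifetime of a code
MAX_ATTEMPTS = 3         # assumed guess limit per code


class OtpChallenge:
    """One pending second-factor challenge for one login attempt (hypothetical)."""

    def __init__(self, now=None):
        # secrets draws from the OS CSPRNG; random.randint would be predictable.
        self.code = f"{secrets.randbelow(10**6):06d}"
        self.expires_at = (time.time() if now is None else now) + CODE_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.used = False

    def verify(self, submitted, now=None):
        """Return True only for the first correct, unexpired submission."""
        now = time.time() if now is None else now
        if self.used or now > self.expires_at or self.attempts_left <= 0:
            return False
        # Every submission costs an attempt, so 10^6 codes cannot be brute-forced.
        self.attempts_left -= 1
        # Accept the separators people type when copying from an SMS ("123 456").
        candidate = str(submitted).replace(" ", "").replace("-", "")
        ok = (
            len(candidate) == 6
            and candidate.isascii()
            and candidate.isdigit()
            # compare_digest avoids leaking the matching prefix through timing.
            and hmac.compare_digest(candidate, self.code)
        )
        if ok:
            self.used = True   # single use: a replayed code is rejected
        return ok


if __name__ == "__main__":
    challenge = OtpChallenge()
    print("code sent to phone (constructed sample):", challenge.code)
    print("first submission accepted:", challenge.verify(challenge.code))
    print("replay accepted:", challenge.verify(challenge.code))
```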
Have a great weekend everyone,
Senior Infrastructure Consultant
Agile IT Solutions