Wondering how to setup Azure multi-factor authentication? We can help you with it.
Here at Bobcares, we have seen several such Azure related queries as part of our Server Management Services for web hosts and online service providers.
Today, we’ll take a look at how to set up Azure multi-factor authentication.
Azure multi-factor authentication setup
Multi-factor authentication refers to the system in which more than one system authenticates the user to access an application. This authentication offers better security for Azure clients.
In this process, first, the user signs in with the username and password in a normal way. The credentials are verified and then if the automated call authentication is activated, the user receives a call and is asked to confirm the sign-in attempt.
Now let’s take a look at how our Support Engineers setup the Azure Multi-Factor Authentication.
Creating a Multi-Factor Authentication Provider
- In Microsoft Azure, we click on ‘New’ at the left bottom corner >> App Services >> Active Directory >> Multi Factor Auth Provider >> Quick Create.
- Next, we enter the name of the provider.
- Then we select the Usage model. Here, we are considering ‘Per Authentication’
Note: It is not possible to change the usage model once a multi-authentication provider is created. So we need to consider the needs before choosing.
- Now we get an option about if we wish we can link the existing directory or not. Here, we are linking an existing directory name ‘bobcares’ that we previously created for a multi-factor provider.
- After we click on ‘Create’, it will list in our services list. Then we select the multi-factor provider that we just created.
- We select ‘Manage’ at the bottom of the screen and we will land on a new page.
- Here, we select ‘Configure’ to choose the authentication.
- Here, we can set the number of attempts, change the phone number from where the call is made (default number is already there), two-way message timeout (default is 60 seconds), one-time password’s timeout (default is 300 seconds) under general settings. Also, we can provide an email address where we can be notified if a one-time password is bypassed.
- When we scroll down the page, we see the fraud settings. Under Fraud Setting, we can choose to allow the users to send fraud alerts, block the user if an alert report, and also set an e-mail address where alerts are sent.
This activates the multi-factor authentication. When users sign in to their account next time, they will need to choose one of the three methods (automated message, text message, or mobile app). Using the chosen method, authentication is made to them each time they sign in to their account.
Enabling the Multi-Factor Authentication for Existing Directory
In the previous section, we saw how to link the directory to a multi-factor authentication provider while creating it. However, we can also do it for a particular user in the following way.
First, we go to the directory by choosing it from the left panel and click ‘Manage MultiFactor Auth’ at the bottom of the screen.
In the next screen, we select the user and enable or disable the multi-factor authentication for the user.
[Need any further assistance with Azure queries? – We are here to help you.]
Today, we saw how our Support Engineers setup Azure multi-factor authentication.