Friday, October 22, 2021

Introduction to Azure Multifactor Authentication

 Azure AD MFA

Azure AD Multi-Factor Authentication (MFA) adds an extra layer of security to identities, whether cloud-based, synced, or guest, by requiring two or more methods of validating the user's authenticity.

Azure MFA is built on the following core factors:

- Something you know – could be a password or the answer to a security question.

- Something you possess – could be a mobile app that receives a notification or a token-generating device.

- Something you are – typically a biometric, such as the fingerprint or face scan used on many mobile devices.

 

Licensing requirements:

- Included in Azure AD Premium licenses

- Provided as part of a free or standard Office 365 subscription for cloud-only identities

- Provided as a standard offering to cover global admin accounts irrespective of licenses

 

Why use it?

Usernames and passwords are legacy authentication methods that are not strong enough to withstand sophisticated attacks by modern hackers. Making passwords more and more complex also makes them hard to remember, so users start writing them down at their desks or storing them in some alternate source.

To make identities more secure and overcome these challenges, multifactor authentication plays a key role, and Azure multifactor authentication makes it simpler and easier to implement and use.

What are different methods of authentication supported by Azure MFA?

The following authentication methods are supported by Azure MFA:

- Password

- Microsoft Authenticator app

- OATH hardware token

- Text message

- Voice call

- App password

What are the different ways to configure MFA?

Azure MFA can be configured from the Azure Active Directory admin portal on a per-user basis, or by using a Conditional Access policy, where MFA can be enabled or disabled based on group membership or other supported conditions.

Another way to enable MFA is to turn on security defaults, which enforce Microsoft's recommended security policies. However, this is only suitable for small deployments where Conditional Access policies are not required.
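
The group-based Conditional Access option described above can also be scripted. The following is an added example, not part of the original post: it uses the Microsoft Graph PowerShell module to check whether security defaults are on and then creates a report-only policy that requires MFA for one group. The group name and policy display name are constructed placeholders.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell module.
# Assumption: a security group named 'MFA-Pilot-Users' exists (constructed name).
$GroupName  = 'MFA-Pilot-Users'
$PolicyName = 'Require MFA - pilot group (report-only)'   # constructed name

Connect-MgGraph -Scopes @(
    'Policy.Read.All',
    'Policy.ReadWrite.ConditionalAccess',
    'Application.Read.All',
    'Group.Read.All'
)

# Security defaults and Conditional Access are alternative approaches:
# check which one the tenant currently relies on before adding a policy.
$defaults = Get-MgPolicyIdentitySecurityDefaultEnforcementPolicy
if ($defaults.IsEnabled) {
    Write-Warning 'Security defaults are enabled; turn them off before enforcing this policy.'
}

# Resolve the group to its object ID and refuse to continue on ambiguity.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($group.Count -ne 1) {
    throw "Expected exactly one group named '$GroupName', found $($group.Count)."
}

$policy = @{
    displayName   = $PolicyName
    # Report-only: sign-ins are evaluated and logged, but MFA is not yet enforced.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        applications   = @{ includeApplications = @('All') }
        users          = @{ includeGroups = @($group[0].Id) }
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
'{0} ({1}) state={2}' -f $created.DisplayName, $created.Id, $created.State
```

Once the report-only results in the sign-in logs look as expected, changing `state` to `enabled` enforces the policy.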
