How to: Set up two-factor authentication for users in Azure Directory

Hello all,

Today I’m going to explain a bit about the two-factor authentication mechanism, and then I will show you how to implement it on Azure Directory.

Let’s start by explaining authentication factors. There are three kinds:

Knowledge factor (something the user knows) – for example: username + password

Possession/ownership factor (something the user has) – for example: token

Inherence factor (something the user is or does) – for example: fingerprint

If you combine two factors, you get two-factor authentication.

Got it? Good, now let’s implement it on Azure:

1. Log in to the management portal.

2. Go to the Active Directory tab.

3. Click your directory (if you don’t have one, create one) and then click Manage Multi-Factor Auth.

4. The multi-factor authentication page will pop up. Choose the user you wish to enable two-factor authentication for (you can see that the Multi-Factor Auth Status is Disabled).

5. Check the username and press Enable, and this screen will pop up:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/31.jpg

6. Press Enable multi-factor auth, and then you will see that the Two Factor Auth. Status has changed to Enabled:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/41.jpg

7. To test it, log out and try to log in to Azure again.

8. You will first have to enter your username and password, and then Azure will tell you that you need to set up additional security verification. Press Set it up now:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/51.jpg

9. I chose Mobile Phone for this scenario, so enter your phone number and check the way you prefer to authenticate (phone number/SMS):

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/61.jpg

10. Hit Next and click Verify:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/72.jpg

11. You will get a phone call/SMS with a 6-digit code. Enter it in the box and hit Verify:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/81.jpg

After that you will get this message:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/9.jpg

12. Hit the Next button to get to step number 3. You will see that the two-factor auth. will work only in browsers; if you wish to enable it for apps such as Lync, you have to set a special password for them. Because this article is about Azure, I will skip it for now, so just press “I don’t use this account with these apps”:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/10.jpg

13. The browser will then redirect you to the login page, and you will get an SMS/phone call that gives you a 6-digit code again. You will have to enter it in order to log in:

http://blogs.microsoft.co.il/agile/wp-content/uploads/sites/1317/2014/05/11.jpg
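The same per-user switch from steps 4 to 6 can be audited and set from PowerShell, which helps when you need to find every account still showing Disabled. This is an added example, not part of the original walkthrough; it assumes the legacy MSOnline module is installed and you sign in as a directory administrator, and the user name is a placeholder.

```powershell
# Added example: audit and enable per-user MFA with the legacy MSOnline module.
# Assumption: "Install-Module MSOnline" was run and you are a directory admin.
Import-Module MSOnline
Connect-MsolService    # interactive sign-in

function Get-MfaState {
    param([Parameter(Mandatory)] $User)
    # An empty requirements collection is what the portal lists as "Disabled".
    if ($User.StrongAuthenticationRequirements.Count -eq 0) { 'Disabled' }
    else { $User.StrongAuthenticationRequirements[0].State }
}

# 1. Audit: MFA state and registered verification methods for every user.
$report = Get-MsolUser -All | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        MfaState          = Get-MfaState $_
        Methods           = ($_.StrongAuthenticationMethods |
                                ForEach-Object MethodType) -join ','
    }
}
$report | Sort-Object MfaState, UserPrincipalName | Format-Table -AutoSize

# 2. Enable MFA for one user (placeholder UPN, replace with a real account).
$upn = 'user@example.onmicrosoft.com'
$req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
$req.RelyingParty = '*'        # apply to all relying parties
$req.State        = 'Enabled'  # same state the portal shows after step 6
Set-MsolUser -UserPrincipalName $upn -StrongAuthenticationRequirements @($req)

# 3. Verify the change took effect.
Get-MfaState (Get-MsolUser -UserPrincipalName $upn)
```

An account with an empty Methods column has MFA switched on but has not yet completed the phone registration from steps 8 to 11.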

That’s it,

Have a great weekend everyone,

Ido Katz

Senior Infrastructure Consultant

Agile IT Solutions