Agenda – Azure Multi-Factor

Authentication (MFA)
• What is MFA?
• Why MFA?
• How does it work?
• Demo on how to enable MFA/Usability

You’ll leave with an understanding of

To enable/access cloud Azure MFA
How to leverage Azure MFA to improve security

Microsoft Azure
Authentication in Motion

Microsoft Azure
What is Multi-Factor Authentication…..?
 Any two or more of the following factors:
 Something you know - a password or PIN
 Something you have - a phone, credit card or hardware token
 Something you are - a fingerprint, retinal scan or other biometric
 Stronger when using two different channels

 Types of Multi-Factor Authentication:

Hardware OTP Tokens Phone-Based Authentication:
Certificates
Smart Cards Phone Call, Text Message, and
PushSoftware OTP Tokens

Microsoft Azure
What is Azure Multi-Factor
Authentication?
A stand-alone Azure Identity and
Access management service also
included in Azure Active Directory
Premium
Prevents unauthorized access to both
on-premises and cloud applications by
providing an additional level of
authentication
Trusted by thousands of enterprises to
authenticate employee, customer, and
Microsoft Azure
partner access.
Why Azure Multi-Factor
Authentication?

Online
Azure Services &
Office 365 Resources for SaaS On-prem
Resources Administrators Resources Services

Microsoft Azure
How it Works

Microsoft Azure
 Users sign in from any device using Users must also authenticate using their phone
their existing username/password. or mobile device before access is granted.

RADIUS
LDAP
IIS
RDS/VDI
 In Closing

 Protects Office 365, Salesforce, and other SaaS apps

 Reduce risk, meet compliance requirements

 Deploy on-prem or in the cloud

 Added security for your data and applications with ease

for end users

Microsoft Azure
 Resources

- https://msdn.microsoft.com/en-
us/library/azure/dn906877.aspx

- https://msdn.microsoft.com/library/azure/dn394289.aspx#i
pwhitelist

Microsoft Azure
 Q&A

Microsoft Azure
 MFA for Office 365/Azure Azure Multi-Factor
Administrators Authentication
Administrators can Enable/Enforce MFA to end-users
Use Mobile app (online and OTP) as second authentication factor
Use Phone call as second authentication factor
Use SMS as second authentication factor
Application passwords for non-browser clients (e.g. Outlook, Lync)
Default Microsoft greetings during authentication phone calls
Custom greetings during authentication phone calls
Fraud alert
MFA SDK
Security Reports
MFA for on-premises applications/ MFA Server.
One-Time Bypass
Block/Unblock Users
Customizable caller ID for authentication phone calls
Event Confirmation

14