3.22 MFA Demo


Time: 18 hours 43 minutes
Difficulty: Intermediate
CEU/CPE: 9
Video Transcription
>> Welcome back. In this episode, we're going to take a look at a demo of multi-factor authentication. Our goals include enabling MFA inside our tenant and then configuring some of the options we have available to us. Let's jump out to the Azure portal.

Here we are back in our Azure portal, and let's go take a look at the classic or legacy version of multi-factor authentication. First, let's go into Azure Active Directory. If we go into Users, you may need to select the More option here. We'll go into multi-factor authentication. Here we are presented with the users inside of our tenant and their current multi-factor status. We could select one of these users and enable them for multi-factor authentication, or take a look at some of their user settings, such as requiring them to select their contact method again, deleting those app passwords that they may have generated, or restoring MFA on their remembered devices.

As mentioned in the slides as well, we could do a bulk update. Instead of individually selecting users in here, we could create a CSV file with their login name and their current MFA status, enabled or disabled, browse for that file, upload it, and do a bulk change like that.

Let's go take a look at our service settings. Here, like we saw in the slides, we can allow or disallow our users creating their own app passwords. We can configure trusted IPs, where multi-factor authentication is going to be skipped. We can select the verification options that our users will be allowed to choose from when they register for MFA. We have options like a call to their telephone number, a text message, a notification through the mobile app, or a verification code through the mobile app or a hardware token or device. We could also allow users to remember multi-factor authentication on devices where they've already authenticated from, and how long they can remember those for. We have an option of one to 60 days.

As I mentioned in the slides, this form of MFA is considered a little legacy and not the preferred method. Ideally, we want to enable MFA through conditional access policies and require the user to register for it then.

Let's go back to the Azure portal, and back in our Azure Active Directory, if we scroll down under Security, we have an option here for MFA. Let's go take a look at a couple of options we have here that we discussed in the slides. First, we have fraud alert, and this allows users to report fraud if they receive a two-step or MFA verification request that they didn't initiate. We can set this fraud alert to on. Then we also have the option of automatically blocking the users who report fraud. Then we can also configure the code that users would input if they received a phone call to verify their identity. Instead of pressing what I believe the default is, pound, to accept the MFA request, they could hit "0" instead to indicate that this is a fraudulent request.

Speaking of phone calls, we do have an option here to set phone call settings. For US phone numbers, we can set the MFA caller ID and also the number of PIN attempts to allow per call, and also add custom greetings, if we want, in different languages.

As also mentioned, we can configure a one-time bypass to allow the user to authenticate without performing the two-step verification. You can also set a time limit for how long you want the bypass to last.

If you suspect an account is compromised or it has been previously blocked, we can use the block and unblock users option here to either add users to or remove them from a list of blocked users. They will not receive MFA prompts, and any authentication attempts will be denied.

Now on the other MFA service settings, we have the option of trusted IPs, and we have the same option here for our conditional access MFA attempts.

Let's go back to our Azure AD directory. Back in our Azure AD directory, let's go take a look at conditional access. Here we have the option of configuring named locations. Here we can add a new location, give our location a name, and we have the option of inputting an IP address range or selecting countries and regions. If we're pretty confident our users are only going to be logging in through certain countries or regions, we can select those here and add them as a trusted location.

If we go back to our policies list, here under Policies, we have the four baseline policies mentioned in the last episode. These are available as part of the Azure AD free or even standalone Office 365 licenses. You can use these to require multi-factor authentication for users and administrators.

That does it for this demo, pretty short and easy. Just making sure you understand where you can go configure your different policies and how to configure your service settings and enable users or bulk update users for multi-factor authentication. Let's jump back to the slides and wrap this up. Coming up next, we're going to take a look at some more developer-focused topics with an introduction to Azure App Services. See you in the next episode.