7 hours 58 minutes
Welcome back, and this episode we're gonna take a look at the demo of multi factor authentication.
Our goals include enabling in buffet inside our tenant and then configuring some of the options we have available to us. Let's jump out to the azure portal.
Here we are back in our azure portal and let's go take a look at the classic or legacy version of multi factor authentication.
First, let's go into azure active Directory, and if we go into users,
you may need to select theme or option. Here
we'll go into multi factor authentication,
and here we are presented with the users inside of our tenant and their current multi factor status.
We could select one of these users and enable them for multi factor authentication.
Or take a look at some of their user settings, such as requiring them to select their contact method again, deleting those at passwords that they may have generated or restoring him. FAA on their remember devices
as mentioned the slides as well. We could do a bulk update, So instead of individually selecting users in here,
we could create a C S V file with their log in name and their currents. M F A. Status enabled are disabled. Browse for that file, uploaded and do a bulk change like that. Let's go take a look at our service settings
here. Like we saw in the slides. We can allow or disallow our users, creating their own at passwords
we can configure trusted I. P's where multi factor authentication is gonna be skipped.
We can select the verification options that will allow our users to choose when they register for M F. A. We have options like called to their telephone number. Do a text message,
a notification through the mobile app or a verification code through the mobile app or a hardware token or device.
We could also allow users to remember multi factor authentication on devices, what they've already authenticated from and how long they can remember those. Four. We have an option of 1 to 60 days.
As I mentioned in the slides, this form of M F. A. Is considered a little legacy and not the preferred method. Ideally, we want to enable M F A through conditional access policies and require the user to register for it. Then
let's go back to the azure portal
and back in our azure active directory
who scroll down under security. We have an option here for M F A.
Let's go take a look at a couple of options we have here that we discussed in the slides.
First, we have fraud alert in this. Allow users to report fraud if they receive a two step or m f a verification requests that they didn't initiate.
We can set this fraud alert to on,
and then we also have the option of automatically blocking the users who report fraud.
And then we could also configure the code that users would input if they received a phone call to verify their identity.
Instead of pressing what I believe, the default is Pound to accept the M F. A request they get hit zero instead, indicate that this is a fraudulent request.
And speaking of phone call, we do have an option here to set phone call settings for US phone numbers. We can set the M F a Caller I D and also the number of pen attempts to allowed per call and also add custom greetings if we want in different languages.
As also mentioned, we can configure a onetime bypass to allow the user to authenticate without performing the two step verification. You could also set a time limit for how long you want the bypass toe last. If you suspect an account is compromised or has been previously blocked,
we can use the block and unblock users option here to either add users or remove them from a list of blocked users
they will not receive. M. FAI prompts in any authentication attempts will be denied
now on the other m f A service settings. We had the option of trusted I. P's, and we have the same option here for our conditional access in Maffei attempts. Let's go back to our Azure a D directory
back in our Azure 80 directory. Let's go take a look at conditional access,
and here we have the option of configuring named locations,
and here we can add a new location,
give her a location of name,
and we have the option of inputting an I P address range or selecting countries and regions.
And we're pretty confident our users are only gonna be logging in through certain countries or regions. We can select those here and add them as a trusted location.
We go back to our policies list
here under policies. We have the four baseline policies mentioned in the last episode.
These are available as part of the Azure 80 free or even stand alone office 3 65 licenses. You can use thes to require multi factor authentication for user's and administrators
that does it for this demo. Pretty short and easy. Just making sure you understand where you can go. Configure different policies and how to configure your service settings and enable users or bulk update users for multi factor authentication.
Let's jump back to the slides and wrap this up.
Coming up next, we're gonna take a look at some more developer focus topics with an introduction to Azure APP Service is
See you in the next episode.