Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Siberians. Welcome to this lesson on Azure Emma Fee.
00:04
This is the first part of a two part lesson in the desert. 500. Microsoft Azure security technologist costs
00:11
some quick information on what should be covering in this lesson. Well startled by discussing some trade against use identities on business, why Emma Fay is necessary wouldn't give an overview off the jury Memphis service on Discuss our service Walks, who proceeds to cover the implementation options off Gemma Fay. Some license and considerations
00:31
on the options that are available to configure MFP
00:34
for your 80 users. Let's get into this. When we look at the 20 landscape again, she's identities. Today
00:41
there few attacks that having a complex password can help us wait.
00:45
Having a complex password can help against trades like passwords, pre attacks and brute force attacks. My question to you is Disease can have any complex password. L pass with the following types off attacks,
00:58
creating show, stopping them picture play,
01:00
little bits extraction.
01:03
My were sniffing and keystroke, logging
01:06
off fishing or man in the middle attacks.
01:10
The hazards of this question is no,
01:12
because in all of this types of treads, the password has already been obtained on the past what has already been exposed.
01:19
So this is why more the fact that indication is a critical part off holistic identity, the security strategy.
01:27
So what exactly is as your mfp
01:30
as a M F. A. Is the motor step identity verification solution from Microsoft on the Weight Walks is that it requires resist verified. The identity is a minimum off to off the following element that could include things that users know Sophie's like passwords and answer the security questions.
01:51
And Doc would even include things that you the user processes, so feels like mobile phones, mobile application or even at where tokens.
01:57
How does the dream if a service work, if a user tries to access an application that uses as your A. D s identity provider, there will be redirected to Azure 80
02:07
which, after very find the first identity element of passwords indication who proceeds to validate at least one more element. And that could be using a mobile form which covers authenticator, hap SMS or even a phone call. Or that could be a hard we're talking once. The second fact often indication is very fine.
02:28
The years I can obtain the talking that it can use to access the application.
02:31
So as I m f A asked two flavors when it comes to implementation.
02:37
The first flavor is the azure MFS Service, which is a managed service instead in the azure cloud on its managed through the azure portal.
02:45
Second flavor is the azure MFS ever, which is an application that can be installed on Windows seven pharmacies. However, this second option off the other MFS ever is no longer available for deployment since July 2019.
03:00
But the visual, Why bring it up here? It's because I should look into the azure Pato. You will see references to this service on. You also still see it in Microsoft documentation. But just be aware that even though you can see the reference is still no longer available for new deployment, will talk about
03:19
new options that you can implement
03:21
if you're interested in just an M f. A. For on premises scenarios, let's have a quick look at a Joanna Fail licensing and features the features of our Jamey Fader. We can enable on the level of granularity that we can configure all depend on Azure 80 license into here,
03:38
and features like the ability to use a mobile application for second factor authentication
03:45
and the use off SMS and phone calls are available. Toe all tears off Azure 80. Licensing how we'd at different levels off granularity the free, additional factual 80. For example, Onley supports users in the global Administrator role to use SMS and phone calls for the second factor,
04:03
while other license in tears allows all users
04:08
features like been able to use a custom color Heidi when second factor verification from course of made
04:14
for the latte, which allows users to report foreland attempts to access their resources if they are prompted for two factor authentication that is no initiated by them Being able to skip MF verification for users access in applications from configure trusted eyepiece
04:30
on MFN reports, which gives access to view and download MFP authentication reports.
04:34
These features are only available to premium editions off Azure Haiti. Let's have a quick look at the configuration options for azure MF. There were different options to enable MF A for joy. Haiti uses on the options have different levels of granularity that they allow.
04:53
The first option is security, the Faults, which is a recently announced option for configuring MFF. Aisha Haiti Jesus.
05:00
It is configured on the directory tenant level, which means that we cannot have different policies for different users or applications. In other words and Nevland MF a using this option and neighbors it for all users off the azure 80 tenants. But this option is available. Toehold license in tears off azure Haiti.
05:21
Then we have the per user option.
05:24
The per user configuration options allows us to enable Emma Fee on an individual user basis.
05:30
I bought it a free on office street 65 editions off. Anxiety supports these, but only for users were assigned the global administrative. Oh,
05:40
while the premium additions allows this for every user.
05:45
And while this option as more grand elevated and security default, it does not allow granularity on an application basis.
05:53
When we enable Emery for user, there were needs to use M F A to access all supported applications. The tire adoption is using conditional access on. This allows for better flexibility. For example, we can requirement for state and applications. Why allowing access some other applications without Emma fee,
06:13
we'll cover conditional access in the modern tales in a little muddy. But this option is only available to premium additions off Brady.
06:20
And finally, Eman can be enabled by using as your 80 identity protection risk policy. This option is only available to Azure Eddie Premium P two on We will be covering identity protection in a little model. Also
06:36
in summary
06:39
here. The topics that were covered in this lesson.
06:42
We started out by discussing some threats against his identities on visits. Why I m f a is necessary
06:46
Would given overview off the azure MF a service on wood discussed out of service works with then president to cover the implementation off azure MF A. Some licensing considerations on the options that we have to configure MF A For as your 80 uses. Thanks very much for watching
07:05
and I'll see you in the next lesson.
07:08
Well, we'll cover the rest of the content on a J. Murphy. See you

Up Next

AZ-500: Microsoft Azure Security Technologies

In the AZ-500 Microsoft Azure Security Technologies training, students will learn the skills that are needed to pass the AZ-500 certification exam. All exam topics are covered as well as exam preparation strategies and hands-on practice.

Instructed By

Instructor Profile Image
David Okeyode
Cloud Security Architect
Instructor