Hello, Siberians, walk up to this lesson on Azure. MFP.
This is the second part off a two part Lessing in the Laser 500. Microsoft Azure Security Technologist casts
some quick information on what you're recovering in this Lessing,
who started by covering one of the two options to enable Emma Fee for Azure 80 users using as your MF Ages of Settings.
Well, then cover as your M F A user states that are possible when he's in this option for discusses several ever configuration files. Um, if a and we'll conclude by discussing the options to integrate as your M F A interim premises scenarios, let's get into this.
One of the options to enable Murphy is on the per user basis on As we saw earlier, this option is available to all license in tears, but that's different levels off granularity.
So do these. We can access the M F A user settings. True, the azure pato we can don't selects to users that we want to enable a month before and then click on the enable option.
Let us look at a different user states and what's the mean when we use this option
first we have the disabled states, which means that I M. F A has not been enabled for the user.
We don't have the enabled states, which means that Emma face enabled for the user. But they're yet to register the devices applications that they will be using for their second factor authentication.
And finally, we have the in for stitches estates, which means that I m. F has been a neighbor for the user, and they have completed the registration process.
There will also be required to enter application passwords for legacy applications like old office clients that does not support MF A. They're also configuration options that we can configure on the service level. Fraser in If it, for example,
we could allow users to create application passwords that could be used to authenticate legacy applications that don't support more than not indication protocols
on. Because this applications don't support modern authentication protocols, they cannot use MFP. So applications like Office 2010 Apple Mail before US 11 fall into this category. We can also configure Opto 55 inches off I P addresses that can bypass MM for users.
This could be used to skip M F A
when Jesus are connecting from the company's trusted network. We can also configure methods that users can use for authentication on the number off days before Jesus, I required to be authenticated with MF A. Let's discuss a dream a fee for on premises, some various If you still use a Windows videos infrastructure in Paris, ease
and would like to be able to use as your M F A.
The MFS Sever, as we mentioned earlier, is no longer available, but you can implements the MPs extension that will allow your videos infrastructure on premises to send MF request. So the azure mm thick cloud service. If you're interested in using a DFS,
there is a beauty, an adapter that integrates directly with azure cloud. MFS Service on this is built into a window, several prison system trying to 16 and above.
Here's a quiz question for you. Your company has two offices in Seattle and New York.
Each office connects to the Internet by using in that device
the office is used. The I P address is shown in the following table.
The company has on a jury 80 tenants named Contest so that Come
Lieutenant contains the users shown in the following table. The MFS service settings are configured as shown here for hitch of the following statement. Select yes. If the statement is true, otherwise selects no statement. Number one.
If you the one size into azure from a device that uses an I P address off one theta for that 18. That $14 stain
is the one must be authenticated by using the phone
It was selected yesterday statement. You would be correct because she's the one as ml fi enabled India settings.
And also they're not connecting from an I P address range that has MF escaped statement. Number two.
If you start to science in tow Azure from a device in the Seattle office,
you said two must be authenticated by using the Microsoft authenticator Hap yes or no
if it's elected. No, you would be correct because user to does have MF and Fast
India user settings.
And they're also not connecting from an I p address range that Emma face skipped. Far,
however, the configured verification methods are only call it a phone and text message to front. So authenticator half is not configured so that out of the options
statement. Number three.
If you were to science into Hajer from a device in the New York office is the two must be authenticated by using a phone Yes or no If it's elected no to that, you would be correct because everyone the user to as MF and Fast India user settings they have connecting
from an i p address range in this case, the New York
public, not segments that has MFS skipped so the user would not need to perform multi factor authentication. He has some supplemental links for further studies on the topics covered in this lesson in summary here. The topics that were covered in this lesson
who started by covering one of the options to enable Mff Leisure 80 uses using azure M F A user settings
with uncovered as, um, a fee. Use the states that are possible when using this option,
but it's cost the service level configuration fragile. Timofei and we concluded by discussing the options to integrate as your M F A in tow on premises scenario,
especially since de Memphis ever is no longer an option.
Thanks very much for watching on. I'll see you in the next lesson