Enabling Multi-Factor Authentication (MFA) for an Azure user, using email and PIN, and configuring a Conditional Access policy for access to the Azure Management Console involves several steps. Here’s a step-by-step guide:
Prerequisites:
- You must have administrative access to your Azure AD.
- Ensure that Azure AD Premium or an appropriate license is assigned to the user(s) for MFA access.
Enabling MFA for a User:
- Sign in to the Azure portal using your admin account.
- In the left-hand navigation pane, click on “Azure Active Directory.”
- Under “Security,” click on “MFA” to access the Multi-Factor Authentication settings.
- Click on “Users” in the MFA settings to view a list of users in your Azure AD.
- Find and select the user you want to enable MFA for.
- In the user’s profile, click on “Authentication methods.”
- Click “Enable” under “Authentication phone” to set up MFA with a mobile app or phone call. You can choose to receive a text message or a phone call and follow the on-screen instructions.
- In the “Verification options” section, enable “Mobile app” and follow the steps to configure the Microsoft Authenticator app. This is the email and PIN method.
- After configuring the verification methods, click “Save” to enable MFA for the user.
Configuring a Conditional Access Policy:
- In the Azure portal, navigate to “Azure Active Directory.”
- Under “Security,” click on “Conditional Access.”
- Click on “+ New policy” to create a new Conditional Access policy.
- Name your policy, e.g., “Azure MFA Policy.”
- Under the “Assignments” section, specify who the policy applies to. You can choose to target specific users or groups.
- Under the “Cloud apps or actions” section, choose “Select apps” and select “Microsoft Azure Management.”
- Under “Access controls,” click on “Grant” and choose “Require multi-factor authentication.”
- Configure any additional access controls and conditions you want, such as specific networks or device platforms. You can also configure session settings if needed.
- Review your settings, and click “Create” to save the Conditional Access policy.
Testing MFA and Conditional Access Policy:
- To test MFA, have the user sign in to their Azure account. They’ll be prompted to set up MFA using the Microsoft Authenticator app.
- To test the Conditional Access policy, try accessing the Azure Management Console with the user account. The user will be required to complete the MFA setup using the email and PIN method before gaining access.
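A sign-in test covers one user at one moment. As a complement, the following added example (not part of the original guide) audits a policy in the JSON shape Microsoft Graph returns for Conditional Access policies and lists the reasons it would not actually force MFA on a given user for Microsoft Azure Management. The function name `audit_policy`, the user ID `user-1`, and both sample policies are constructed for illustration.

```python
# Added example: audits Conditional Access policies in the JSON shape returned by
# Microsoft Graph (/identity/conditionalAccess/policies). All sample data is constructed.

# Well-known app ID of "Microsoft Azure Management" (Windows Azure Service Management API).
AZURE_MGMT_APP_ID = "797f4846-ba00-4fd7-ba43-dac1f8f63013"

def audit_policy(policy, user_id, user_groups=()):
    """Return reasons this policy does NOT force MFA on user_id for Azure Management."""
    gaps = []
    cond = policy.get("conditions", {})
    users = cond.get("users", {})
    apps = cond.get("applications", {}).get("includeApplications", [])
    grant = policy.get("grantControls") or {}
    controls = grant.get("builtInControls", [])
    if policy.get("state") != "enabled":  # disabled or report-only
        gaps.append(f"state is {policy.get('state')!r}, not enforced")
    if "All" not in apps and AZURE_MGMT_APP_ID not in apps:
        gaps.append("Microsoft Azure Management is not a targeted app")
    included = ("All" in users.get("includeUsers", [])
                or user_id in users.get("includeUsers", [])
                or bool(set(user_groups) & set(users.get("includeGroups", []))))
    if not included:
        gaps.append("user is not in the policy's assignments")
    if user_id in users.get("excludeUsers", []) or set(user_groups) & set(users.get("excludeGroups", [])):
        gaps.append("user is excluded from the policy")
    if "mfa" not in controls:
        gaps.append("grant controls do not include 'mfa'")
    elif grant.get("operator") == "OR" and len(controls) > 1:
        gaps.append("operator OR lets another control satisfy the policy without MFA")
    for key in ("locations", "platforms"):  # optional conditions narrow the scope
        if cond.get(key):
            gaps.append(f"policy only applies when the {key} condition matches")
    return gaps

# Constructed sample: the policy from the steps above ("user-1" is a placeholder ID).
GOOD = {
    "displayName": "Azure MFA Policy", "state": "enabled",
    "conditions": {"users": {"includeUsers": ["user-1"], "excludeUsers": []},
                   "applications": {"includeApplications": [AZURE_MGMT_APP_ID]}},
    "grantControls": {"operator": "OR", "builtInControls": ["mfa"]},
}
# Constructed sample: same policy left in report-only mode with a second grant control.
WEAK = {**GOOD, "state": "enabledForReportingButNotEnforced",
        "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]}}

if __name__ == "__main__":
    for p in (GOOD, WEAK):
        print(p["state"], "->", audit_policy(p, "user-1") or "MFA enforced")
```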
Once you’ve completed these steps, your Azure user will have MFA set up with the email and PIN method, and a Conditional Access policy will enforce MFA when accessing the Azure Management Console. This helps enhance security for your Azure resources by adding an extra layer of authentication.
