Posted in Azure Active Directory, Microsoft Azure

Microsoft Azure – How to enable Azure AD Multifactor Authentication using Azure Portal

In this article, we will learn how to enable the Azure AD multi-factor Authentication via Azure Portal.

In previous article, we learnt how to set up Azure AD and create users and group, so we will continue to use that user and group for this article.

https://kapilsqlgeek.wordpress.com/2019/03/21/microsoft-azure-how-to-create-the-azure-active-directory-ad-using-azure-portal/

So, what is multi-factor authentication?

In today’s world just having a userid and password is not secure enough which contains of letters, symbols, numbers etc. and no matter how complex it is. Once your password is lost its easy for other users to break into your system and steal important information.

So multi-factor authentication refers more ways to authenticate more than just your password.

User can add another layer of authentication either via phone, email, authentication app, security tokens etc. If a user is authenticating via phone then a text message will come to registered mobile number which is needed during login process to complete the authorization, or if user choose the email option then user receive an email with some random numbers which is required other than your password. This way an another layer of security can be added.

Microsoft Azure AD supports multi-factor authentication and its available as add on service and a billing model will be associated with it.

If you are using a premium AD service, then its included in that.

So, let’s see the demo of how we can enable MFA.

  1. Login to Azure Active Directory
  2. Click on Users tab. All user list will appear
  3. Click on Multi-factor authentication at the top. After you click it will take you to another website in new tab or window.

 

  1. A new window will open for multi-factor authentication.
  2. At top, there are two section ‘Users’ and ‘Service Settings’. By default, User section will open.

 

  1. Click on ‘Service Settings’. Here you can see the available option for verification and modify the options as per your choice and need.

 

  1. Now, select the user from User tab for which you need to enable MFA and click ‘Enable’

 

  1. A popup window will appear. Click on ‘enable multi-factor authentication’.

 

  1. Close the window. You can see that MFA status has been changed to ‘Enabled’ now.
  2. Now try to login to Azure Portal with this user login.
  3. After entering login and password, another screen will come for MFA. Click Next

 

12. Select the option for verification. I choose the ‘Authentication Phone’ as default option. Select your country name, enter your phone number and click ‘Next’.

 

  1. Enter the verification that you will receive on your phone number and click Verify.
  2. Click ‘Done’
  3. Now, from next time when you will login to Azure portal from this user you need to provide extra authorization.

 

So, this way you can enable multi-factor authentication using Azure AD.

 

 

Advertisements
Posted in Azure Active Directory, Development, Microsoft Azure

Microsoft Azure – How to create the Azure Active Directory (AD) using Azure Portal

Microsoft Azure Active Directory (AD) is a cloud based service to handle the identity and access management. It has the capabilities like multi factor authentication, self-service password reset, role based access control, security monitoring, managing alerts etc. When user create an Azure AD directory it automatically links with Azure subscription.

Azure AD provide easy way to give users single sign-on (SSO) access to various application like office 365, Dropbox, salesforce etc. Azure AD improve application security with multi-factor authentication and conditional access.

Azure AD can also be integrated with on premise Windows AD using Azure AD connect which provides organizations to use their existing on premise identity system to manage access to cloud based application.

Azure AD capabilities comes up in 3 versions Basic, Premium P1 and Premium P2. Paid editions P1 and P2 are built on top of free versions and provide more rich security facilities like monitoring security, self-service password management, privilege identity management etc.

 

Now, let’s jump on the demo part and learn how to create the active directory.

  1. Login to Azure Portal (If you don’t have Azure account then you can sign up for Azure free trial)
  2. From the left side pane, select Azure Active Directory or write it in a search box from the top of Azure dashboard.
  3. In create directory section, fill out the details like organization name, initial domain name, select country or origin. Initial domain name should be unique else it will throw error if it’s already used by another user.

 

  1. Click on ‘Create’ button to create the directory.
  2. After successful creation of directory, a new window appears as shown below –

  1. Now next step is to create a group in the directory and assign a user to a group.
  2. Click on ‘Groups’ tab to create a new Group.
  3. Click on ‘New Group’
  4. Enter the Group Name as ‘IT’.

 

  1. Click ‘Create’ button.
  2. You can see the new group in Group window

12. Click on ‘Users’ tab to create a new user.

13. Click on ‘Create new user’

14. Fill the details like Name, User name, profile, directory.

15. Enter name ‘adkktest’

16. Enter User Name which user enters to sign in to Azure AD. You should use the domain that you use at the time of creation of active directory. E.g. addkktest@adkktest1.onmicrosoft.com

You can define the custom domain but for that you need to registered them.

 

  1. Fill the details in Profile section.

  1. Select the Group that you have created earlier. E.g. IT
  2. Select the Directory Role.
  3. Click on ‘Show Password’ and note down the password. You will need it when login with new username.
  4. Click ‘Create’
  5. New user has been created successfully associated with a group.

So, this is how we can create a new directory and then create a group and assigned users to them.