Skip to main content

Multi-Factor Authentication Features with Office 365 and Azure

By July 17, 2017September 16th, 2020Azure, Blog, Microsoft, Office 365, Office 365, Security, Windows
Microsoft Azure Multi-Factor Authentication Diagram

Here is some basic knowledge on Multi-Factor Authentication (MFA) for Office 365 and Azure.  What is cool about this is you can now use it to customize caller ID and flag fraud alerts, among other things.

Multi-Factor Authentication Fraud Alert

This is a great security feature! If your users receive a multi-factor authentication request when they aren’t expecting it (maybe they are golfing, shopping, having their nails done, attending night classes, or watching the Seattle Seahawks win the Super Bowl!), they can ignore the call or answer and hang up without pressing # to deny access to the person attempting to use their credentials.

The fraud alert feature also takes it a step further and allows your user to be more proactive about attempted attacks. They can answer the phone and enter their configured fraud alert code (0# by default, but customizable) to report the attempted access. Not only will it deny the authentication taking place, but will put a block on that user’s account so that additional authentication attempts are automatically denied without continuing to bother the user. It can also send an email notification to any configured email addresses such as the security team and IT admins so that they can take action, investigate, and change the user’s password. Once they have taken appropriate action, they can unblock the user’s account in the MFA Management Portal.

Multi-Factor Authentication with Office 365 & Azure

Multi-Factor Authentication with Office 365

Now that multi-factor authentication is included with Office 365 user licenses as well as administrator access to Azure, there might be some questions about the additional features you can get with Microsoft Azure Multi-Factor Authentication. The chart below shows the feature comparison.

Multi-Factor Authentication Features Comparison chart

The Multi-Factor Authentication Management Portal

The primary features that Microsoft Azure Multi-Factor Authentication unlocks are those  found within the Multi-Factor Authentication Management Portal, which can only be accessed after creating a Multi-Factor Auth Provider in the Azure Management Portal. Creating that provider and linking it to an Office 365 directory are what upgrade an Office 365 tenant from having Multi-Factor Authentication for Office 365–with a subset of features–to having Microsoft Azure Multi-Factor Authentication, which contains all of the available features. View this post from Microsoft to learn how to get started.

how to create Multi-factor Authentication provider screenshot

To create a Multi-Factor Auth Provider sign into the Azure Management Portal and go to Active Directory, then Multi-Factor Auth Providers. Create a new provider by providing a name, usage model for billing and link it to your directory unless being used for on-premises applications only.

Let’s go over some of the things you can do in the MFA Management Portal to take advantage of these additional features. The features are accessed by managing your Multi-Factor Auth Provider.

Multi-factor authentication portal screenshot

To access the MFA Management Portal, select a Multi-Factor Auth Provider and click Manage.

Multi-factor authentication management portal screenshot

Here, we can see the advanced features  accessed through the Multi-Factor Authentication Management Portal.

Beth Zange-Sellers, PEI

Leave a Reply