Task
|
Detailed Steps
|
|
Complete these steps from an internet-connected Windows computer.
|
Create an MFA provider and view the options found in the MFA Admin Console
|
Bring up the browser session with the Microsoft Azure Management Portal, and sign in as Admin2@.onMicrosoft.com
In the ACTIVE DIRECTORY workspace, select the Contoso… directory
Click MULTI-FACTOR AUTH PROVIDERS
Click CREATE A NEW MULTI-FACTOR AUTHENTICATION PROVIDER
Enter the name MFA
Ensure that the Usage Model is set to Per Enabled User
Select the Directory called is set to
Click CREATE
Click MANAGE (bottom toolbar)
On the left menu, under User Administration, click Block/Unblock Users – this section allows administrators to unblock user accounts after a potential fraud alert (a number of related reports are also available)
Click One-Time Bypass – here administrators can allow a user to authenticate once without MFA. The bypass is temporary and expires after a specified number of seconds, and a reason can be recorded for reporting purposes
On the left menu, under Configure, click Settings – this section allows organizations to customize the MFA experience
Click Caching – here you can configure caching so that, once a user has successfully authenticated using MFA, subsequent authentication attempts within a set number of seconds automatically succeed without MFA. The cache can apply per user across all applications, per user for a specific application name and authentication type, or all of these plus the same IP address. Otherwise MFA is required again
Click Notifications – this section allows organizations to set up notification messages to specified email addresses. These can be configured for Fraud Alerts, One-Time Bypasses, and Account Lockouts
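The cache scopes in the Caching step differ only in what a cached MFA success is matched on, which decides how far one successful verification carries. The following is an added example, not part of the original lab or the service's own code: it models the three scopes and shows which sign-ins still require MFA under each. The scope labels, the sample sign-ins, the fixed window counted from the last completed MFA, and the reading of the third option as user, application, authentication type and IP address are assumptions of this model.

```python
from dataclasses import dataclass

# Scope labels are this example's own names for the three options in the Caching step.
USER = "user"                      # per user, across all applications
USER_APP = "user+app+auth"         # per user, application name and authentication type
USER_APP_IP = "user+app+auth+ip"   # the above plus the same IP address

@dataclass(frozen=True)
class SignIn:
    time: int        # seconds since the start of the sample
    user: str
    app: str
    auth_type: str
    ip: str

def cache_key(scope, s):
    """Return the tuple a cached MFA success is matched on for this scope."""
    if scope not in (USER, USER_APP, USER_APP_IP):
        raise ValueError(f"unknown scope: {scope}")
    key = (s.user,)
    if scope in (USER_APP, USER_APP_IP):
        key += (s.app, s.auth_type)
    if scope == USER_APP_IP:
        key += (s.ip,)
    return key

def mfa_prompts(scope, cache_seconds, sign_ins):
    """For each sign-in (in time order) return True if MFA is still required."""
    last_mfa = {}   # cache key -> time of the last completed MFA
    prompts = []
    for s in sorted(sign_ins, key=lambda x: x.time):
        key = cache_key(scope, s)
        cached = key in last_mfa and s.time - last_mfa[key] < cache_seconds
        if not cached:
            last_mfa[key] = s.time   # assumption: the user completes the MFA prompt
        prompts.append(not cached)
    return prompts

# Constructed sample: one user, two applications, two source addresses.
SAMPLE = [
    SignIn(0,   "AldoM", "portal", "web",    "203.0.113.10"),
    SignIn(60,  "AldoM", "portal", "web",    "203.0.113.10"),
    SignIn(120, "AldoM", "vpn",    "radius", "203.0.113.10"),
    SignIn(180, "AldoM", "portal", "web",    "198.51.100.7"),
    SignIn(400, "AldoM", "portal", "web",    "203.0.113.10"),
]

if __name__ == "__main__":
    for scope in (USER, USER_APP, USER_APP_IP):
        print(f"{scope:18}", mfa_prompts(scope, 300, SAMPLE))
```

With a 300-second cache, the per-user scope skips MFA for the sign-in from a different application and from a different address, while the scope that includes the IP address prompts again in both cases.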
|
Enable MFA for a specific user
|
Return to the Microsoft Azure Management Portal Internet Explorer tab
In the ACTIVE DIRECTORY workspace, click the Contoso… directory
Click Users
Click MANAGE MULTI-FACTOR AUTH (at the bottom)
Click the View drop-down and notice that you can apply this to sensitive roles automatically, for example to all global administrators
Click the View drop-down and select Sign-in allowed users
Select Aldo Muller and click Enable
Click enable multi-factor auth
Click close
Select Aldo Muller and click Enforce
Click enforce multi-factor auth
Click close
|
User MFA experience
|
Open Internet Explorer in InPrivate Browsing mode, navigate to https://myapps.microsoft.com and sign in as AldoM
When prompted, click Set it up now to set up multi-factor authentication, noting the different authentication methods
Select your country, enter your phone number (you can use your real mobile number), select the desired Method (Send text message/Call me), then click Contact me
Complete the verification process (ignore the app password for now, we will look at this in a later lab)
Sign out and sign in as AldoM again
You are sent a verification code via your chosen method – complete the verification and complete the sign in
Sign out
|
Reporting on MFA
|
Return to the Microsoft Azure Management Portal Internet Explorer tab
In the ACTIVE DIRECTORY workspace, select the Contoso… directory
Click MULTI-FACTOR AUTH PROVIDERS
Click MANAGE
Click VIEW A REPORT (or Usage on the left) – the following reports are available: Summary, User Summary, and User Details
Click User Summary - notice that you can filter the information displayed in the report
Click Run – the report is now in the queue and will be accessible once complete
Click Queued
Locate the report you just created and click View – this report lists an in-depth summary of the MFA requests made by particular users within a set time range
Close the Multi-Factor Authentication tab
|
|
| |