Page | 4/8 | Date | 22.07.2021 | Size | 78,77 Kb. | | #15678 |
Note: If the wizard fails to launch, run Multi-Factor Authentication Server.
Activate the Multi-Factor Authentication Server on DC1
|
Still on DC1, switch back to Internet Explorer, and click Generate Activation Credentials
Copy the email address to the Email field on the Activate page of the Multi-Factor Authentication Server management console
Copy the password to the Password field on the Activate page of the Multi-Factor Authentication Server management console and then click Activate
On the Join Group dialog box, click OK
Click Yes to run the Multi-Factor Authentication wizard
Click Next
Deselect Certificates and click Next
Accept the defaults and click Next
Click Finish to reboot the server
|
Establish MFA synchronization with Active Directory
|
From the Microsoft Azure Management Portal, connect to the DC1 VM and log in as Corp\LabAdmin
Note: If you receive a “Remote Desktop can’t connect to the remote computer …” message, the machine is probably still starting its services; try again in a couple of minutes.
On DC1 VM, from the Start menu, run Multi-Factor Authentication Server
Click Yes
In the left navigation pane for the Multi-Factor Authentication Server management console, click Directory Integration
Switch to the Synchronization tab
Select Enable synchronization with Active Directory
Select Remove users no longer in Active Directory
Deselect Always perform a full synchronization
Deselect Require administrator approval when disabled or removed users exceed threshold
Click Add…
Expand ., and click Corporate
Click the Method Defaults tab
Select Text message - this configures Azure MFA to challenge users via a two-way text message; compare this to the one-way text message experience offered by Azure Active Directory-integrated MFA
Click Add, click OK and click Close
Click Synchronize Now and click OK
In the left navigation pane, click Users
If you don’t see a list of users, press F5 until they appear
Verify that the JohnF@. user does not have an alert next to his user name and shows your mobile phone number in the Phone field
Select JohnF@. and click Test…
In the Password field, type pass@word1 and click Test
When you receive a text message from Microsoft, reply to the text with the six-digit verification code to complete authentication
When authentication completes, click OK and click Close
|
Install the AD FS adapter for the Multi-Factor Authentication Server on DC1 and configure settings
|
In the left navigation pane for the Multi-Factor Authentication Server management console, click AD FS
Select Allow user enrolment
Select Allow users to select method, and select the Phone call and Text message checkboxes
Select Use security questions for fallback and type 2 in the associated field
Verify that Enable logging is selected
Click Install AD FS Adapter…
Complete the installation
|
Register the Multi-Factor Authentication Adapter with AD FS
|
Run Windows PowerShell as an administrator
In Windows PowerShell, enter the following commands:
|
|
| |