Hello everyone, my name is Tarik Rukab.
I am a 26-year-old Microsoft Certified Trainer with ExitCertified and Axcel Instructor-led Training. Today, I would like to briefly go over a quick demonstration on how to implement multi-factor authentication in Azure. There are actually a couple of ways to do that. We can do it on a per-user basis, which is one user at a time or maybe just a handful of users. Alternatively, we can also implement it in bulk, meaning many users and/or company-wide, by using a conditional access policy. That's what I would like to demonstrate here today.
You'll notice that I already have Azure opened up here and shared on my desktop. I'm going to move my picture over here to the far right. Okay, so I'm in the Azure portal, and I've logged in with my Microsoft intra ID, which is Microsoft's cloud-based identity management solution, formerly called Azure AD.
Now, first, let's take a look at how to set up multi-factor authentication on a per-user basis. If we come into the Azure portal and navigate to "Users" under the "Manage" section, we'll see a list of users. Here, we can select individual users and enable multi-factor authentication for them.
For example, let's select a user like Lynn Robbins, who currently has multi-factor authentication disabled. We can simply check the box next to their name and then click "Enable" to enable multi-factor authentication for that user.
Once we've enabled multi-factor authentication for selected users, we can move on to implementing it company-wide using a conditional access policy. But before we do that, let's quickly go over what conditional access policies are and why they're important.
Conditional access policies are used for various reasons and deployment options in the Azure and Microsoft 365 ecosystems. Today, we're going to use it to force multi-factor authentication company-wide, which is highly recommended by Microsoft and considered a real-world best practice.
Now, let's proceed to set up a conditional access policy for multi-factor authentication company-wide. Starting from the Microsoft intra ID tenant, we navigate to the "Security" section and select "Conditional Access" under the "Protect" section. Here, we can create a new conditional access policy.
We'll give the policy a name, such as "Require Multi-Factor Authentication for M365." Then, we'll specify the users to whom the policy applies. In this case, we'll select "All Users" to enforce multi-factor authentication for everyone in the organization.
Next, we'll choose the target resource, which in our case is Office 365 or Microsoft 365. This ensures that multi-factor authentication is enforced for all applications within the Microsoft 365 suite.
Skipping over additional conditions, we'll move to the "Grant" section and select "Grant Access." This means that access will be granted only if multi-factor authentication is successfully completed.
Finally, we'll enable the policy and save our settings. Now, any user who attempts to access Microsoft 365 resources will be prompted to complete multi-factor authentication.
To illustrate, let's create a new user and attempt to log in with that user. Upon login, the user will be required to register for multi-factor authentication before gaining access to Microsoft 365 resources.
Additionally, we have the flexibility to control which authentication methods users can use. For example, we can specify that users must use the Microsoft Authenticator app for multi-factor authentication.
In summary, implementing multi-factor authentication company-wide using conditional access policies is a crucial step in securing your organization's data and resources. It helps protect against unauthorized access and enhances overall security posture.
Thank you for joining me today, and I hope this demonstration was helpful in understanding how to implement multi-factor authentication in Azure.