Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Azure Security Cookbook

You're reading from   Azure Security Cookbook Practical recipes for securing Azure resources and operations

Arrow left icon
Product type Paperback
Published in Mar 2023
Publisher Packt
ISBN-13 9781804617960
Length 372 pages
Edition 1st Edition
Languages
Tools
Arrow right icon
Author (1):
Arrow left icon
Steve Miles Steve Miles
Author Profile Icon Steve Miles
Steve Miles
Arrow right icon
View More author details
Toc

Table of Contents (15) Chapters Close

Preface 1. Part 1: Azure Security Features
2. Chapter 1: Securing Azure AD Identities FREE CHAPTER 3. Chapter 2: Securing Azure Networks 4. Chapter 3: Securing Remote Access 5. Chapter 4: Securing Virtual Machines 6. Chapter 5: Securing Azure SQL Databases 7. Chapter 6: Securing Azure Storage 8. Part 2: Azure Security Tools
9. Chapter 7: Using Advisor 10. Chapter 8: Using Microsoft Defender for Cloud 11. Chapter 9: Using Microsoft Sentinel 12. Chapter 10: Using Traffic Analytics 13. Index 14. Other Books You May Enjoy

Implementing Azure AD multi-factor authentication

We must adopt a zero-trust strategy in the perimeter-less world of cloud services and hybrid working more than ever. This means that we must assume breach and never trust, always verify.

Azure AD MFA provides an additional layer of defense; we never trust a single authentication method and must assume that the traditional password method has been compromised. Microsoft studies show that when you implement MFA, your accounts are more than 99.9% less likely to be compromised.

This recipe will teach you how to implement Azure AD MFA in your environment’s AD tenancy.

Getting ready

This recipe requires the following:

  • A device with a browser, such as Edge or Chrome, to access the Azure portal: https://portal.azure.com.
  • You should sign into the Azure portal with an account with the Global Administrator role.
  • You will require Azure AD Premium licenses or trial licenses.
  • If you have Security Defaults enabled, you will automatically have MFA enabled for all users and administrators using the free benefits of Azure AD. Using one of the paid Azure AD Premium licenses provides additional capabilities, such as the additional authentication methods of verification codes, text messages, or phone calls, as well as the following:
    • Azure AD Premium P1: This license includes Azure Conditional Access for MFA
    • Azure AD Premium P2: This license adds risk-based Conditional access to MFA through Information Protection

How to do it…

This recipe consists of the following task:

  • Configuring MFA

Task – configuring MFA

Perform the following steps:

  1. From the Azure portal, go to Azure Active Directory, click Security in the Manage section from the side menu, and then click Multifactor authentication.
  2. From the Multifactor authentication | Getting started blade, click the Additional cloud-based multifactor authentication settings hyperlink under the Configure section heading:
Figure 1.23 – Multifactor authentication | Getting started

Figure 1.23 – Multifactor authentication | Getting started

  1. Two tabs are available from the new multi-factor authentication page that opens; select the user’s tab and then users to enable MFA:
Figure 1.24 – MFA configuration screen

Figure 1.24 – MFA configuration screen

  1. From the user pane on the right, click on the Manage user settings hyperlink in the quick steps section:
Figure 1.25 – MFA selected user pane

Figure 1.25 – MFA selected user pane

  1. On the Manage user settings pop-up screen, select any of the three options as required and then select save:
Figure 1.26 – Manage user settings pop-up screen

Figure 1.26 – Manage user settings pop-up screen

  1. Click Enable on the user pane screen from Step 4 of this recipe. From the About enabling multi-factor auth pop-up screen that appears, read the provided links, click enable multi-factor auth, and click close on the Updates successful screen.
  2. To disable a user for MFA, select the user from the user pane, click Disable in the quick steps section, select Yes on the pop-up screen, and click Close:
Figure 1.27 – Disabling MFA for a user

Figure 1.27 – Disabling MFA for a user

  1. You may bulk update enabling users for MFA by selecting the bulk update button and uploading a CSV file; a template file will be provided that you can download.
  2. Once the user tab configuration is complete, select the service settings tab in the multi-factor authentication browser window:
Figure 1.28 – The service settings tab’s settings

Figure 1.28 – The service settings tab’s settings

  1. From the service settings screen, set the required options and click save. Note the verification options section.

With that, you have configured MFA. This concludes the hands-on tasks for this recipe.

How it works…

In this recipe, we looked at how to enable Azure AD MFA in our environment’s Azure AD tenancy to provide an additional layer of security for users to sign to protect their identity from compromise.

Azure AD MFA requires us to provide one or more additional factors as a method to authenticate in addition to the password factor.

We can use the following authentication factors:

  • Something we know (password)
  • Something we own (device)
  • Something we are (biometrics)

See also

Should you require further information, you can refer to the following Microsoft Learn articles:

  • Secure Azure Active Directory users with Multi-Factor Authentication: https://learn.microsoft.com/en-us/training/modules/secure-aad-users-with-mfa/
  • Features and licenses for Azure AD Multi-Factor Authentication: https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-licensing
  • Azure Active Directory fundamentals documentation: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals
You have been reading a chapter from
Azure Security Cookbook
Published in: Mar 2023
Publisher: Packt
ISBN-13: 9781804617960
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime