From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Multi-factor authentication

From the course: Career Essentials in System Administration by Microsoft and LinkedIn

Multi-factor authentication

- Multifactor is something you have, like, a fingerprint and something you know, like, a username and password. Azure and Microsoft 365 have multiple ways of setting up multifactor authentication. Besides a fingerprint, you could use an app on your phone or a texted code using SMS. Here are the complete list of MFA options Here are the complete list of MFA options in Azure Active Directory. There are various options for CIS admin. So you can decide which one or ones you would like to incorporate. You can set up security defaults for all users or create custom conditional access policies and apply to specific users as needed. Here's an example of setting up MFA in Microsoft 365 for exchange online. You can see the list of Azure Active Directory users. I'm going to go ahead and choose the multifactor authentication button. So you don't have to select any specific person. Just go ahead and click this button, it'll open a new tab and then you can specify which users you would like to use, multifactor authentication or MFA. I'm going to choose the user at the top named Al, I'll select that user. And here we have some options. One is the manage user settings for selecting for MFA. One is the manage user settings for selecting for MFA. We can require selected users to provide contact methods again in case, they've used this in the past. We can delete all existing app passwords that may have been generated by the users and create new ones. And we can also restore multifactor authentication on all remembered devices that may have been used in the past as well. So I'll click cancel to that and just choose enable since Al's never had multifactor enabled. And I'll click enable. And now it's enabled. Next I'm going to log into Outlook on the web and make sure that multifactor authentication is prompting me to set that up. I went to outlook.office.com on a web browser and it's prompting me to pick an account. You can type in a new account or use one you've used in the past. Next, you're going to want to put in your password. And then you're going to see this message that says your organization needs more information in order to set this up. It doesn't mention multifactor authentication here but this is the reason why we're getting this message. So I'll click next. Now we see the options for how we can be contacted. You can see a phone number that I went ahead and entered and you can also choose the authentication phone, office phone or mobile app option, which is the Microsoft Authenticator. I'm going to choose the text message option, since that's an easy way to work with just about any phone and click next. Now I'm going to get a text message. And I'll put in the verification code. I've entered the code and keep in mind, that the code is only going to work for about 10 minutes before it's going to have to be refreshed if you don't enter it fast enough. I'll click verify. Now take a look at this particular app password. This is if you're going to use Outlook, Microsoft Office, Apple Mail, those kinds of things for multifactor authentication. You're going to need a separate password the first time that you log into it. So you can copy that by clicking here and then you can paste it in when prompted if you go to open up Outlook, for example. And now I'll click done. Now Outlook is opening after setting up my multifactor authentication and verifying using the code. And there's my Outlook on the web. Multifactor authentication can add a lot of needed security to Microsoft 365 and Azure users to Microsoft 365 and Azure users to ensure only authorized users can access accounts and applications.

Contents