Skip to content
Permalink
Browse files

deploy

  • Loading branch information...
mbcrump committed Mar 26, 2019
1 parent a1fb8da commit 3ea9d78abcfbb7db9a42fb400ad459c1e2888a44
Showing with 57 additions and 7 deletions.
  1. BIN .DS_Store
  2. +12 −7 .vuepress/config.js
  3. +45 −0 blog/tip190.md
BIN +0 Bytes (100%) .DS_Store
Binary file not shown.
@@ -30,13 +30,7 @@ module.exports = {
{
title: 'Recently Added',
collapsable: true,
children: [ '/blog/tip189', '/blog/tip188', '/blog/tip187','/blog/tip186', '/blog/tip185', '/blog/tip184', '/blog/tip183' ]
},
{
title: 'AzCopy',
collapsable: true,
children: ['/blog/tip81',
'/blog/tip139' ]
children: [ '/blog/tip190', '/blog/tip189', '/blog/tip188', '/blog/tip187','/blog/tip186', '/blog/tip185', '/blog/tip184', '/blog/tip183' ]
},
{
title: 'App Service',
@@ -46,6 +40,17 @@ module.exports = {
'/blog/tip112', '/blog/tip113', '/blog/tip117', '/blog/tip119', '/blog/tip132', '/blog/tip143',
'/blog/tip144', '/blog/tip149', '/blog/tip184' ]
},
{
title: 'Authentication',
collapsable: true,
children: ['/blog/tip190' ]
},
{
title: 'AzCopy',
collapsable: true,
children: ['/blog/tip81',
'/blog/tip139' ]
},
{
title: 'CLI',
collapsable: true,
@@ -0,0 +1,45 @@
---
type: post
title: "Tip 190 - Multi-Factor Authentication on Azure in a Nutshell"
excerpt: "Multi-Factor Authentication on Azure in a Nutshell"
tags: [azure, windows, portal, cloud, developers, tipsandtricks]
share: true
date: 2019-03-25 17:00:00
---

#### Multi-Factor Authentication on Azure in a Nutshell

In another Tips and Tricks post, we added Azure Active Directory authentication to an existing App Service Web App. Today, we’ll make sure Multi-Factor Authentication (MFA) is on for that user. There are various services in Azure when it comes to Multi-Factor Authentication](https://azure.microsoft.com/en-us/services/multi-factor-authentication), so let’s first see what’s available. Keep in mind, I want it to be FREE.

If you take a look at the documentation on how it works, the following MFA offerings are listed:
* **Azure Active Directory Premium** – Licenses for full-featured, on-premises, or cloud-hosted MFA services.
* **Multi-Factor Authentication for Office 365** – MFA features included with an Office 365 subscription.
* **Azure Active Directory Global Administrators** – MFA capabilities made available for free by Microsoft for protecting global administrator accounts.

Note I am using a Microsoft account that is a global administrator on my
pay-as-you-go Azure account.

#### There are several MFA offerings, but I didn’t use them

So why didn’t I use Azure Active Directory Premium, MFA for Office 365, or MFA for Azure Active Directory Global Administrators?

First, I didn’t want to pay for Azure Active Directory Premium. Also, I didn’t use MFA for Office 365 because it is for accounts connected to an Office 365 account, which I didn’t have. Finally, Azure Active Directory Global Administrators MFA is a [two-step verification for Azure Active Directory users](https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userstates) and not a Microsoft account. There are ways to turn [two-step verification on for Microsoft accounts](https://support.microsoft.com/en-us/help/12408/microsoft-account-about-two-step-verification) that are done outside of Azure, which I didn’t want to do.

While researching why I couldn’t enable MFA for my Microsoft account user, I found a newer feature that also provides MFA called Baseline Protection. The nice thing about using [Baseline Protection](https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/baseline-protection) is it works well for Microsoft accounts and Azure Active Directory accounts.

#### How I turned on Multi-Factor Authentication using Baseline Policy
Go to the Azure portal and navigate to **Azure Active Directory**, and then click **Conditional access** under **Security**. Since I’m using my own pay-as-you-go subscription, this is the default directory.

<img :src="$withBase('/files/mfa1.png')">

Click on **Baseline policy: Require MFA for admins (Preview)** in the list of policies.

<img :src="$withBase('/files/mfa2.png')">

Select **Use policy immediately** and click the **Save** button.

<img :src="$withBase('/files/mfa3.png')">

Once you have saved, you’ll now see a checkmark in the **Enabled** column of the policy listing.

<img :src="$withBase('/files/mfa4.png')">

0 comments on commit 3ea9d78

Please sign in to comment.
You can’t perform that action at this time.