Multi Factor Authentication 

The username and password is, well let’s face it, a liability. We must do something else to protect user accounts.  MFA started out life as a physical “key fob” and to gain access to corporate resources you (quickly) entered your one time only code with your username and password. The rise of the smartphone allowed us to swap out the key fob for our phones and now we have a number of options for the authentication process. 

There are two types of MFA, cloud based and in-house, both of which are  licensed by your AAD license version.  Certain roles in Azure admin get a MFA license for free but in general you must pay for it.

With MFA enabled we can present the user with several authentication options including;

·         Being sent a code vis SMS

·         Receiving an automated call and pressing # to complete the process

·         Using a native smartphone app to generate the code

·         Using the Azure Authentication App, we can receive a kind of SMS that asks us to accept the authentication request

·         Receiving an email

 

Here is a mind map that explains MFA. 

 
 
 

Here is a video on our YouTube channel.