In this video, Pete Zerger demonstrates how to enable Multi-Factor Authentication at the app level with Azure Active Directory Premium. Learn how to control MFA behavior based on a user's location, group membership, or device health.
- [Narrator] Now I'll demonstrate how to enable multi-factor authentication at the application level. Here I am in the Azure portal. I'll click the classic portal link, which should automatically log me in to my default directory. I'll now browse to the applications tab, which will show me a list of my enterprise applications. In this example, I'll pick Office 365 Exchange Online, and when I click the configure tab, this will show me a few settings that enable multi-factor authentication specifically for this app.
You'll notice I can turn on multi-factor authentication and now I have some options. I can apply to all users. I can apply to groups. I can make exceptions to multi-factor, and you'll notice in the rules section here, I can control some aspects of multi-factor behavior. I can by default require multi-factor authentication for all requests. I can require multi-factor only when a user is not at work, meaning when their IP address is not trusted. I can even block access when that user is outside of the office.
I even have some options to control multi-factor behavior based on the device. So I can apply this based on the health of a device for example. We're going to ignore that for now but know that that option is there. This doesn't give us the full capabilities of conditional access in Microsoft Intune but it's certainly a great start. So with multi-factor settings configured, I'll hit the save button and these settings will take a few seconds to a couple of minutes to take effect. So if you attempt to log in to your application immediately after configuring multi-factor and you find you don't get that second prompt, just wait a couple of minutes longer until those settings take hold.
So now with multi-factor configured and our settings saved, we can flip over and give this a test with Office 365 Exchange Online. So I'll log in with my Azure Active Directory user account, which of course has Office 365 and Exchange enabled, and I'll sign in. So this will take me to my default landing page for Office 365. I can now click on mail, which will take me to Office 365 Exchange Online.
You'll notice that the multi-factor prompt has taken hold and I have opted to use the SMS message as my second factor of authentication, so a text message has been sent to my phone. I'll plug in that code, that PIN, and mission accomplished. I'm now authenticated via multi-factor to my application, and that's multi-factor authentication at the app in Azure Active Directory.
In this course—the first in the series—Microsoft MVP Pete Zerger takes you through the basics of setting up endpoint protection. He begins by explaining how to set up Azure Active Directory Premium. Next, he goes into enabling multi-factor authentication, followed by setting conditions for secure access. To wrap up, Pete covers managing mobile devices with Intune, and publishing applications with Azure AD App Proxy.
- Setting up Azure Active Directory for an organization
- Enabling user-level and application-level multi-factor authentication
- Setting conditions for secure access
- Planning a mobile device management (MDM) strategy
- How Intune (standalone) MDM works
- How Intune mobile application management works
- Publishing applications with Azure AD App Proxy
- Assigning users and groups