In this video, Pete Zerger explains Multi-Factor Authentication (MFA) versions and capabilities in Azure Active Directory, as well as the authentication process flow behind a user request in an MFA-enabled scenario.
- [Instructor] We can enable multi-factor authentication…in any of the identity models we can implement with Azure.…For this discussion, we'll focus…on the synchronized identity model…since it's the most common.…There are multiple versions…of multi-factor authentication in Azure AD,…and the capabilities and the scope depends…on the version we have access to.…If our Azure AD instance is the one…that comes free with Office 365,…our MFA will only work with Office 365 applications…and will lack some of the advanced capabilities…of Azure MFA, which comes in Azure AD Premium.…
We get MFA for our Azure admin account in the free tier,…but only for our admin accounts.…It's only in the Azure AD Premium tier…that we have access to the advanced MFA features,…such as conditional access…and the identity protection feature,…which can further evaluate context…and risk associated with log-on requests.…How we enable MFA depends on the version…of Azure AD we're working with.…In the free tier of Azure AD, we have an extra step,…in that we have to enable and add an MFA provider,…
In this course—the first in the series—Microsoft MVP Pete Zerger takes you through the basics of setting up endpoint protection. He begins by explaining how to set up Azure Active Directory Premium. Next, he goes into enabling multi-factor authentication, followed by setting conditions for secure access. To wrap up, Pete covers managing mobile devices with Intune, and publishing applications with Azure AD App Proxy.
- Setting up Azure Active Directory for an organization
- Enabling user-level and application-level multi-factor authentication
- Setting conditions for secure access
- Planning a mobile device management (MDM) strategy
- How Intune (standalone) MDM works
- How Intune mobile application management works
- Publishing applications with Azure AD App Proxy
- Assigning users and groups