Lab 15 - Configure an Azure AD multi-factor authentication registration policy
Lab scenario
Azure AD multi-factor authentication provides a means to verify who you are using more than just a username and password. It provides a second layer of security to user sign-ins. For users to be able to respond to MFA prompts, they must first register for Azure AD Multi-Factor Authentication. You must configure your Azure AD organization’s MFA registration policy to be assigned to all users.
Estimated time: 10 minutes
Exercise 1 - Set up MFA registration policy
Task 1 - Policy configuration
- Sign in to https://portal.azure.com using a Global administrator account.
- Open the portal menu and then select Azure Active Directory.
- On the Azure Active Directory page, under Manage, select Security.
- On the Security page, in the left navigation, select Identity protection.
- On the Identity protection page, in the left navigation, select MFA registration policy.
- Under Assignments
- Under Assignments, select All users and review the available options.
- You can select from All users or Select individuals and groups if limiting your rollout.
- Additionally, you can choose to exclude users from the policy.
- Under Controls, notice that Require Azure AD MFA registration is selected and cannot be changed.
- Under Enforce Policy, select On and then select Save.
Task 2 - Configure Azure AD Identity Protection policy for MFA registration
Note: Azure AD Identity Protection requires Azure AD Premium P2 to be activated.
- In the Azure portal, navigate to Azure AD Identity Protection using the search bar.
- Under Protect in the menu, select MFA registration policy.
- Under Assignments, select All users under Users, and select a user to enforce MFA.
- Change Enforce policy from Off to On.
- Select Save.
This will require the user to complete the MFA registration the next time they attempt to sign in.
- From a private browser, navigate to
. Enter a user name and password from the tenant. Note the additional security information requirements that the user is asked to enter.
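To check the policy's effect across the tenant rather than one account at a time, registration state can be audited from the Microsoft Graph userRegistrationDetails report (GET /reports/authenticationMethods/userRegistrationDetails). The script below is an added example, not part of the original lab; the sample records, the excluded account and the function name are constructed for illustration.

```python
import json

# Constructed sample shaped like the Graph userRegistrationDetails response.
SAMPLE_REPORT = json.loads("""
{"value": [
  {"userPrincipalName": "alice@contoso.example", "isAdmin": true, "isMfaRegistered": true},
  {"userPrincipalName": "bob@contoso.example", "isAdmin": false, "isMfaRegistered": false},
  {"userPrincipalName": "carol@contoso.example", "isAdmin": true, "isMfaRegistered": false},
  {"userPrincipalName": "breakglass@contoso.example", "isAdmin": true, "isMfaRegistered": false},
  {"userPrincipalName": "Dave@contoso.example", "isAdmin": false, "isMfaRegistered": true}
]}
""")

# Hypothetical account excluded under Assignments (assumption, not from the lab).
EXCLUDED = {"breakglass@contoso.example"}


def audit_registration(report, excluded=frozenset(), included=None):
    """Classify users by policy scope and MFA registration state.

    included=None models "All users"; a set of UPNs models
    "Select individuals and groups" after group membership is expanded.
    """
    excluded = {u.lower() for u in excluded}
    included = None if included is None else {u.lower() for u in included}
    result = {"registered": [], "pending": [], "pending_admins": [],
              "unregistered_out_of_scope": []}
    for user in report.get("value", []):
        upn = user["userPrincipalName"].lower()
        in_scope = upn not in excluded and (included is None or upn in included)
        if user.get("isMfaRegistered"):
            result["registered"].append(upn)
        elif not in_scope:
            # The policy will never prompt these accounts; review them manually.
            result["unregistered_out_of_scope"].append(upn)
        else:
            # In scope: will be prompted to register at next sign-in.
            result["pending"].append(upn)
            if user.get("isAdmin"):
                result["pending_admins"].append(upn)
    return {bucket: sorted(users) for bucket, users in result.items()}


if __name__ == "__main__":
    for bucket, users in audit_registration(SAMPLE_REPORT, EXCLUDED).items():
        print(f"{bucket}: {', '.join(users) or '-'}")
```

Accounts in `unregistered_out_of_scope` are the ones the exclusion or a limited rollout leaves without any registration prompt, so they need a separate control.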