Denis MihićFounder and IT ArchitectMCT, MCSE: Cloud and Management | MCSE: Server Infrastructure

MCITP | MCTS | MCSA | MCSE:Security

Implementing and Managing Azure Multi-factor Authentication

O predavaču

• 5 godina Microsoft MVP Cloud and Datacenter• Microsoft Certified Trainer

• MCSE: Cloud and Management, MCSE: Server

Infrastructure, MCSA, MCSE:Security• Voditelj Hercegovina MS Community-a• Predavač na svim konferencijama u regionu• Microsoft certificiran od 2006 godine• 40+ certifikata (Microsoft, Vmware, Cisco, Barracuda)

Agenda

• Understanding Azure Multi-factor Authentication• Configuring Azure MFA in the Cloud• Implementing Azure MFA Server On-premises• Duo Security (free edition)

2017 Poll of Internet Users

Username and password no longer enough

Azure Multi-factor Authentication• Global service• Second factor of authentication• For Cloud based systems and on-premise

systems• Using standard Mobile phones

What is multi-factor authentication?

Any two or more of the following factors:

Stronger when using two different channels (out-of-band).

What is Azure Multi-Factor Authentication?

An Azure Identity and Access management service that prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication

Trusted by thousands of enterprises to authenticate employee, customer, and partner access.

How It Works

Microsoft Azure Multi-Factor Authentication flavors

• Azure Multi-Factor Authentication stand-alone

• Included in Azure Active Directory Premium

• Free for Azure administrators

• A subset of Azure MFA functionality included in Office 365

MFA for Office 365 Azure Multi-FactorAuthentication

Administrators can Enable/Enforce MFA to end-users Yes Yes

Use Mobile app (online and OTP) as second authentication factor Yes Yes

Use Phone call as second authentication factor Yes Yes

Use SMS as second authentication factor Yes Yes

Application passwords for non-browser clients (e.g. Outlook, Lync) Yes Yes

Default Microsoft greetings during authentication phone calls Yes Yes

Remember Me (Public Preview coming in June)* Yes Yes

Custom greetings during authentication phone calls Yes

Fraud alert Yes

MFA SDK Yes

Security Reports Yes

MFA for on-premises applications/ MFA Server. Yes

One-Time Bypass Yes

Block/Unblock Users Yes

Customizable caller ID for authentication phone calls Yes

Event Confirmation Yes

IP Whitelist (currently in Public Preview)* Yes

No devices or certificates to purchase, provision, and maintain

No end user training is required

Users replace their own lost or broken phones

Users manage their own authentication methods and phone numbers

Integrates with existing directory for centralized user management and automated enrollment

Convenience

Demo u screen-ovima

Activate Azure Active Directory Premium

• 30 days trial• include Multi-factor authentication

Cloud setup

Demo

On-premise setup

Duo Security (free)