Microsoft has sent an email asking Azure admins to enable MFA - multi-factor authentication - for all users of the Azure portal (and Entra, and Intune admin panels).
But in the document above, they don't give a direct link to enable MFA, nor a direct link to enforce MFA. Probably because there are multiple ways to do it.
After a lot of searches, found the following. First we have to add sign-in methods for the MFA, then we can enable MFA.
Going to portal.azure.com
Home > Users > (my username) > Manage > Authentication methods
came to
https://mysignins.microsoft.com/security-info
Here, we can choose "Add sign in method" to add SMS, phone call, Microsoft Authenticator app or "Other authenticator app" like Google Authenticator which uses TOTP (time-based one-time password).
Then to enable or enforce 2FA (two-factor authentication) for admin users, we can go to portal.azure.com
(Just a note: Azure Entra ID is the new name for Azure Active Directory for translating from old tutorials.)
Users > Per user MFA (button on top of the page) > (which redirects to the page https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx?tenantId=theRelevantTenantID for "legacy experience")
choose the relevant username, and then choose the "Enable" link on the right-hand pane. Confirm that you want to enable MFA for that user, then you are done.
If not "legacy experience", then the per user MFA page has a different look - with buttons to enable, disable or enforce MFA for the selected users, and also User MFA settings:
No comments:
Post a Comment