Microsoft acquired PhoneFactor and added this service to Windows Azure.
It is a great way to activate multi-factor authentication (MFA) quickly and easily. MFA is usually tied to certificates, smart cards, …, which some companies find challenging to roll out. Windows Azure MFA can be an opportunity to accelerate MFA in these kinds of environments.
Let’s have a high-level look at how this needs to be configured and how it can leverage Mobile Device Management.
First you need to create a directory in Windows Azure and make sure it’s synced with your Windows Intune tenant so these users are known in Azure.
Configure an MFA provider.
Enable MFA for the users that need it.
And actually… that’s all!
Now go to the device that you want to enroll in Windows Intune. In this case it’s a Windows RT device.
Once I have typed my Intune password, you will notice that I receive a phone call. Azure MFA is calling me (= second authentication method).
I need to hit the pound button for authentication.
Once I have done that, my device will be enrolled in Intune.
It was interesting to see/hear that the call was in Dutch. The system is intelligent enough to determine, based on your IE settings, which language you need to be called in.
Also note that you can customize these messages by uploading WAV files into Azure.
During the setup of the MFA provider I need to choose how I need to be billed. You have the choice between “per user” or “per authentication”.
When I check my bill, I can now see an extra entry which specifies my MFA cost.
Till next time!
Nico Sienaert (@nsienaert)