Windows Intune and Windows Azure Multi Factor Authentication

February 20, 2014 at 10:06 am in Uncategorized by nsienaert

 

Hi All,

Microsoft acquired Phone Factor and added this service into Windows Azure.

This is a great feature to activate MFA on a quick and easy way. Mostly MFA is linked to certificates, smart cards,… which are for some companies a challenge to roll out. Well Windows Azure MFA can be an opportunity to accelerate MFA within these kind of environments.

Let’s have a high-level look on how this needs to be configured and how it can leverage Mobile Device Management.

First you need to create a Directory into Windows Azure and make sure it’s synced with your Windows Intune Tenant so these users are known in Azure.

capture

Configure a MFA provider

capture1.5

Enable the users that you need to have MFA enabled.

capture2

And actually…. that’s all!

Go now to your device that you want to enroll in Windows Intune. In this case it’s a Windows RT.

Once I have typed my Intune password, you will notice that I will receive a phone call. Azure MFA is calling me (=2nd authentication method)

I need to hit the pound button for authentication.

capture4

Once I have done that my devices will be enrolled in Intune.

Interesting to see \ hear was that the call was in Dutch. The system is intelligent enough based on your IE settings in which language you need to be called.

Also note, that you can customize these message by uploading WAV files into Azure.

capture5

During the setup of the MFA provider I need to choose how I need to be billed. You have the choice between “per user” or “per authentication”.

When I check my bill I can see now an extra entry which specifies my MFA cost.

capture3

Till next time!

Nico Sienaert (@nsienaert)

imagesCA18FG24 imagesCAIOYXPP