Microsoft Azure AD Multi-Factor Authentication

To set up your MFA, log in to Microsoft at:

https://myaccount.microsoft.com and select the Security Info button.

 

Multi-factor authentication is a process in which users are prompted during the sign-in process for an additional form of identification, such as a code on their cell phone or a fingerprint scan.

If you only use a password to authenticate your user account, it leaves an insecure vector for attack. If the password is weak or has been exposed elsewhere, an attacker could be using it to gain access. When you require a second form of authentication, security is increased because this additional factor isn't something that's easy for an attacker to obtain or duplicate.

Conceptual image of the various forms of multi-factor authentication.

Azure AD Multi-Factor Authentication works by requiring two or more of the following authentication methods:

  • Something you know, typically a password.
  • Something you have, such as a trusted device that's not easily duplicated, like a phone or hardware key.
  • Something you are - biometrics, like a fingerprint or face scan.

This is the login process for authenticating with Azure AD. Azure AD is used with some of the services that we use in the district. This allows us to have more security as well as a common account, so that you do not need to have many different accounts and passwords set up. The other authentication method that we use a lot is Google Authentication. Azure AD is similar to that. Many financial institutions now require you to use a 2nd factor, referred to as 2FA or multi-factor, to use their applications or websites. This adds more security.

Here are some screens that you will see when signing into an application or website that has Azure AD for its authentication.

MS Sign In Window

MS Password screen

MS telling user that they need to gather information to complete multifactor authentication.

MS get Microsoft Authenticator app download or use different authenticator app.

If you would like to download the Microsoft Authenticator app from your phone or other devices' application store here is a download link for that.
 

If you would like to use a different authenticator app, read further in this article and it will show you how to do that from the text link "I want to use a different authenticator app".
If you don't have a device that you can set up an authenticator app on, you can have it call a phone or send an SMS message. Read further for these instructions as well.

After installing the Microsoft Authenticator app, launch it and press the + to add an account.

Setup Microsoft Authenticator app and if shown select "Work or school"

Scan the QR code that is on the screen with your device, or click "Can't scan image?" to get a code that you can enter manually to pair the two accounts together. This code can be long.

MS Scan the QR code to pair app to account

MS Let's try it out

By pressing Approve on the screen of your device, you complete the multi-factor authentication step. This one was just a test.

MS Notification approved

MS Success!

You have set up the Microsoft Authenticator app.

If you want to use an authenticator application other than this one, such as Authy or Google Authenticator, follow the instructions above to get to the screen that looks like this and click on the text "I want to use a different authentication app".

MS get Microsoft Authenticator app download or use different authenticator app.

MS authenticator app setup your account.

Open the application that you are going to use and add an account. You can then scan the QR code.

MS Scan the QR code

After the pairing, you will confirm with a 6-digit code that will refresh every minute. This tests that the random numbers match what is expected.

MS confirm with a 6 digit code that will show up on the authenticator app

This completes the setup for 3rd party authenticator applications.

To set up a phone call or SMS, get to the screen that looks like this and click on the link for "I want to setup a different method".

MS get Microsoft Authenticator app download or use different authenticator app.

Choose Phone from the drop-down.

MS Choose a different method with a drop-down for phone

Enter in a phone number that you can either get SMS messages on or a phone that you can answer like a desk phone.

MS Phone setup. Asking for a phone number and if you want a text code or call me.

The phone number that sends you a code via SMS will be a short 5-digit phone number. Every time, it will text you a 6-digit code for verification, like the code from the authenticator app.

Example of text me a code.
MS phone verifying with a 6 digit code sent to phone to be entered here.
MS Phone SMS verified.

For phone calls, you will receive a call from the Midland Public Schools main line, and it will ask you to press a button to confirm. After you have completed this, this is what it will look like when you sign in to verify.

MS Verify your identity via Text or Call.

 

If you want to modify or add additional forms of authentication after this first option, you can go here and add or remove them. If you remove them all you will be prompted the next time to set one up again. Another form factor for authentication that you can add is a FIDO2 security key. This is a USB key that has security features in it. 

https://mysignins.microsoft.com/security-info

 

 

Details

Article ID: 152059
Created: Thu 11/3/22 3:43 PM
Modified: Wed 9/20/23 10:49 AM