Azure MFA – Auth Provider Creation

This post is part of a series; for the series contents see: Azure MFA

The first step for setting up Azure MFA is to create a multi-factor auth provider; essentially the cloud app that will deal with your authentication requests.

There are two slightly annoying things about setting this up (and I really do mean “slightly”):

  1. I can’t find a PowerShell way to script it.
    • This seems to be the case with a lot of Azure AD things.  My assumption is that since AAD is a giant SaaS app, Microsoft have locked down some programmatic access as an errant script could DoS the system and impact multiple customers.  Well that’s my theory, anyway.
  2.  You have to create it in the old portal.
    • I really don’t think there is an excuse for this.  The new portal has been around for ages so it does annoy me that everything hasn’t been migrated across to it yet, especially since it makes applying a consistent RBAC policy a right pain.  Although, to be fair, I’m sure there’s probably a good reason why it hasn’t gone yet.

Anyway, moaning aside, here are the very simple steps to create an MFA auth provider:

  1. Log in to the classic portal:
  2. From the left-hand menu select “Active Directory” and then “Multi-factor Auth Providers”.
  3. Click to create a new provider.
  4. Then, when filling in the options, the key one is the usage model because you can’t change it later without deleting and recreating the whole thing.  The options available are:
    • Per Authentication
    • Per Enabled User
  5. I went for the per authentication option as I don’t have any licenses (an Office 365 EMS or E5 license would do the job) and I’m just setting this up for a lab.  I could always do a trial with some licenses but then I’d have to recreate the whole thing when that ended. There are some details about the two options here but in reality most businesses are going to be using the per enabled user option or bypassing the auth provider altogether and just applying individual licenses to users.

And that’s the first part complete!


