Denis MihićFounder and IT ArchitectMCT, MCSE: Cloud and Management | MCSE: Server Infrastructure
MCITP | MCTS | MCSA | MCSE:Security
Implementing and Managing Azure Multi-factor Authentication
O predavaču
• 5 godina Microsoft MVP Cloud and Datacenter• Microsoft Certified Trainer
• MCSE: Cloud and Management, MCSE: Server
Infrastructure, MCSA, MCSE:Security• Voditelj Hercegovina MS Community-a• Predavač na svim konferencijama u regionu• Microsoft certificiran od 2006 godine• 40+ certifikata (Microsoft, Vmware, Cisco, Barracuda)
Agenda
• Understanding Azure Multi-factor Authentication• Configuring Azure MFA in the Cloud• Implementing Azure MFA Server On-premises• Duo Security (free edition)
2017 Poll of Internet Users
Username and password no longer enough
Azure Multi-factor Authentication• Global service• Second factor of authentication• For Cloud based systems and on-premise
systems• Using standard Mobile phones
What is multi-factor authentication?
Any two or more of the following factors:
Stronger when using two different channels (out-of-band).
What is Azure Multi-Factor Authentication?
An Azure Identity and Access management service that prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication
Trusted by thousands of enterprises to authenticate employee, customer, and partner access.
How It Works
Microsoft Azure Multi-Factor Authentication flavors
• Azure Multi-Factor Authentication stand-alone
• Included in Azure Active Directory Premium
• Free for Azure administrators
• A subset of Azure MFA functionality included in Office 365
MFA for Office 365 Azure Multi-FactorAuthentication
Administrators can Enable/Enforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (e.g. Outlook, Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Remember Me (Public Preview coming in June)* Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications/ MFA Server. Yes
One-Time Bypass Yes
Block/Unblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
IP Whitelist (currently in Public Preview)* Yes
No devices or certificates to purchase, provision, and maintain
No end user training is required
Users replace their own lost or broken phones
Users manage their own authentication methods and phone numbers
Integrates with existing directory for centralized user management and automated enrollment
Convenience
Demo u screen-ovima
Activate Azure Active Directory Premium
• 30 days trial• include Multi-factor authentication
Cloud setup
Demo
On-premise setup
Duo Security (free)