Plan a Microsoft Entra multifactor authentication deployment

Getting started with Azure Multi-Factor Authentication (Azure MFA) is a straightforward process.

Before you start, make sure you have the following prerequisites:

Choose how to enable

Enabled by changing user state - This is the traditional method for requiring two-step verification. It works with Azure MFA in the cloud. Using this method requires users to perform two-step verification every time they sign in. More information on this method can be found in How to require two-step verification for a user.

Note

More information about licenses and pricing can be found on the Microsoft Entra ID and Multi-Factor Authentication pricing pages.

Choose authentication methods

Enable at least one authentication method for your users based on your organization's requirements. We find that when enabled for users the Microsoft Authenticator app provides the best user experience.

Enable Multi-Factor Authentication with Conditional Access

Sign in to the Azure portal using a global administrator account.

Choose verification options

Before enabling Azure Multi-Factor Authentication, your organization must determine what verification options they allow. For the purpose of this exercise, you enable call to phone and text message to phone as they are generic options that most are able to use.

  1. Browse to Microsoft Entra ID, Users, Multi-Factor Authentication.

    Accessing the Multi-Factor Authentication portal from Microsoft Entra ID Users blade in Azure portal

  2. In the new tab that opens browse to service settings.

  3. Under verification options, check all of the boxes for methods available to users.

    Configuring verification methods in the Multi-Factor Authentication service settings tab

  4. Click on Save.

  5. Close the service settings tab.

Test Azure Multi-Factor Authentication

Open a new browser window in InPrivate or incognito mode and browse to https://portal.azure.cn.

  • Log in with the test user created as part of the prerequisites section of this article and note that you should now be required to register for and use Azure Multi-Factor Authentication.
  • Close the browser window

Next steps

Congratulations, you have set up Azure Multi-Factor Authentication in the cloud.

To configure additional settings like trusted IPs, custom voice messages, and fraud alerts, see the article Configure Azure Multi-Factor Authentication settings.

Information about managing user settings for Azure Multi-Factor Authentication can be found in the article Manage user settings with Azure Multi-Factor Authentication in the cloud.