Plan a Microsoft Entra multifactor authentication deployment
Getting started with Azure Multi-Factor Authentication (Azure MFA) is a straightforward process.
Before you start, make sure you have the following prerequisites:
- A global administrator account in your Microsoft Entra tenant.
- Correct licenses assigned to users. If you need more information, see the article How to get Azure Multi-Factor Authentication.
Choose how to enable
Enabled by changing user state - This is the traditional method for requiring two-step verification. It works with Azure MFA in the cloud. Using this method requires users to perform two-step verification every time they sign in. More information on this method can be found in How to require two-step verification for a user.
Note
More information about licenses and pricing can be found on the Microsoft Entra ID and Multi-Factor Authentication pricing pages.
Choose authentication methods
Enable at least one authentication method for your users based on your organization's requirements. We find that when enabled for users the Microsoft Authenticator app provides the best user experience.
Enable Multi-Factor Authentication with Conditional Access
Sign in to the Azure portal using a global administrator account.
Choose verification options
Before enabling Azure Multi-Factor Authentication, your organization must determine what verification options they allow. For the purpose of this exercise, you enable call to phone and text message to phone as they are generic options that most are able to use.
Browse to Microsoft Entra ID, Users, Multi-Factor Authentication.
In the new tab that opens browse to service settings.
Under verification options, check all of the boxes for methods available to users.
Click on Save.
Close the service settings tab.
Test Azure Multi-Factor Authentication
Open a new browser window in InPrivate or incognito mode and browse to https://portal.azure.cn.
- Log in with the test user created as part of the prerequisites section of this article and note that you should now be required to register for and use Azure Multi-Factor Authentication.
- Close the browser window
Next steps
Congratulations, you have set up Azure Multi-Factor Authentication in the cloud.
To configure additional settings like trusted IPs, custom voice messages, and fraud alerts, see the article Configure Azure Multi-Factor Authentication settings.
Information about managing user settings for Azure Multi-Factor Authentication can be found in the article Manage user settings with Azure Multi-Factor Authentication in the cloud.