Deploy cloud-based Azure Multi-Factor Authentication

Getting started with Azure Multi-Factor Authentication (Azure MFA) is a straightforward process.

Before you start, make sure you have the following prerequisites:

Choose how to enable

Enabled by changing user state - This is the traditional method for requiring two-step verification. It works with Azure MFA in the cloud. Using this method requires users to perform two-step verification every time they sign in. More information on this method can be found in How to require two-step verification for a user.

Note

More information about licenses and pricing can be found on the Azure AD and Multi-Factor Authentication pricing pages.

Choose authentication methods

Enable at least one authentication method for your users based on your organization's requirements. We find that, when enabled for users, the Microsoft Authenticator app provides the best user experience.

Enable Multi-Factor Authentication with Conditional Access

Sign in to the Azure portal using a global administrator account.

Choose verification options

Before enabling Azure Multi-Factor Authentication, your organization must determine which verification options it allows. For the purpose of this exercise, you enable call to phone and text message to phone, as they are generic options that most are able to use.

  1. Browse to Azure Active Directory, Users, Multi-Factor Authentication.

    Accessing the Multi-Factor Authentication portal from the Azure AD users blade in the Azure portal

  2. In the new tab that opens, browse to service settings.

  3. Under verification options, check all of the boxes for methods available to users.

    Configuring verification methods in the Multi-Factor Authentication service settings tab

  4. Click Save.

  5. Close the service settings tab.

Test Azure Multi-Factor Authentication

Open a new browser window in InPrivate or incognito mode and browse to https://portal.azure.cn.

  • Log in with the test user created as part of the prerequisites section of this article and note that you should now be required to register for and use Azure Multi-Factor Authentication.
  • Close the browser window.
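
The browser test above covers one account. As an added example (not part of the original article), the following PowerShell sketch reports, for every user, the per-user MFA state and which verification methods have actually been registered. It assumes the MSOnline module is installed and usable in your tenant and that the tenant is in Azure China, as the portal URL suggests; the output file name is a placeholder.

```powershell
# Added example, not from the original article.
# Assumptions: MSOnline module available; tenant hosted in Azure China.
Import-Module MSOnline

# Omit -AzureEnvironment for a tenant in global Azure.
Connect-MsolService -AzureEnvironment AzureChinaCloud

$report = Get-MsolUser -All | ForEach-Object {
    # State is only populated when MFA was enabled by changing user state.
    # A user covered only by a Conditional Access policy shows 'Disabled' here.
    $state = ($_.StrongAuthenticationRequirements | Select-Object -First 1).State
    if (-not $state) { $state = 'Disabled' }

    # Methods the user has registered (empty until registration is completed).
    $methods = @($_.StrongAuthenticationMethods)
    $default = ($methods | Where-Object { $_.IsDefault }).MethodType

    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        PerUserMfaState   = $state
        Registered        = ($methods.Count -gt 0)
        DefaultMethod     = $default
        AllMethods        = ($methods.MethodType -join ',')
    }
}

# Accounts that have not registered any verification method yet.
$report |
    Where-Object { -not $_.Registered } |
    Sort-Object UserPrincipalName |
    Format-Table UserPrincipalName, PerUserMfaState

# Accounts whose only registered methods are phone call or text message,
# the two options enabled in this exercise.
$phoneMethods = 'OneWaySMS', 'TwoWayVoiceMobile'
$report |
    Where-Object {
        $_.Registered -and
        -not ($_.AllMethods -split ',' | Where-Object { $_ -notin $phoneMethods })
    } |
    Format-Table UserPrincipalName, DefaultMethod, AllMethods

# Keep the full report for review (placeholder file name).
$report | Export-Csv -Path .\mfa-report.csv -NoTypeInformation -Encoding UTF8
```

After the test user completes registration, that account should move out of the first table and show the method it registered.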

Next steps

Congratulations, you have set up Azure Multi-Factor Authentication in the cloud.

To configure additional settings like trusted IPs, custom voice messages, and fraud alerts, see the article Configure Azure Multi-Factor Authentication settings.

Information about managing user settings for Azure Multi-Factor Authentication can be found in the article Manage user settings with Azure Multi-Factor Authentication in the cloud.