
What is multi-factor authentication and how does it work?


Today we will discuss an additional security layer for authentication that protects user identities and accounts from cyber threats, stolen credentials and hijacking. This process is called multi-factor authentication (MFA) or two-factor authentication (2FA).

Why do we need an extra verification step beyond passwords?


Generally, we are used to a simple authentication method where we enter a username and password combination to log in to a device or application. This simple method has allowed attackers to steal credentials and gain access to sensitive information.


When a user is authenticated solely by a password, an insecure attack vector is left open. An attacker might exploit a weak password, or one that has already been used and leaked, to obtain access.

"Security is increased when a second type of authentication is required because the second factor is more difficult for an attacker to get or replicate".



MFA helps prevent unauthorized access by acting as an additional security verification layer that prompts users to enter a security code sent to their mobile devices. Multi-factor authentication (MFA) is an authentication technique that relies on two or more different techniques, in addition to a user's username and password, to verify their identity.


MFA is used by businesses to restrict access to both customer-facing applications and internal IT systems and solutions. To guard against data leakage, fraud, and misuse in the consumer realm, financial services businesses, healthcare providers, insurance companies, cloud solution providers, and many more utilize MFA.


MFA helps strengthen identity security, cloud security, secure access and Zero Trust, as well as traditional on-premises IT infrastructure security.


Main Types of MFA Authentication Methods

Azure AD Multi-Factor Authentication works on one or more of the following factors:

  • Knowledge factors – something the user knows, such as a password or an answer to a security question

  • Possession factors – something the user has such as a smartphone or mobile device or proximity badge

  • Inherence factors – something biologically unique to the user such as a biometric like fingerprint or facial characteristics or voice recognition

  • Location factors – the user’s geographic position


Additional methods of verification in Azure AD Multi-Factor Authentication:

  • Windows Hello for Business

  • FIDO2 security key

  • OATH hardware token

  • OATH software token

  • Codes sent as emails or SMS messages or voice calls

  • Proximity badges, physical tokens, or USB devices

  • Answers to personal security questions

  • Fingerprint, voice or facial recognition, or retina scanning

By now you should understand what MFA is, how it secures the environment, and the different authentication methods that can be used.


Let's see how we can implement this Microsoft security feature in the environment.


There are a few ways in which we can implement this:

  • MFA administrators can enable MFA for users through the MFA portal

  • Conditional Access policies can be implemented to enforce MFA

In this part of the blog, let's look at how administrators can enable MFA via the portal.


There are a few quick steps to enable MFA:

  • Log in to the Azure portal (portal.azure.com), go to Users, and select a user to enable MFA for

  • Click "Per-user MFA" on the icon above, which is highlighted in a red box; it redirects to the MFA portal page.



  • In the MFA portal, you can see two tabs: "Users" and "Service settings"

  • Under the Users tab, search for the username and select the user; by default the user will be in the “disabled” state.


Select the user account "Gtest", go to quick steps, and click "Enable".

A pop-up prompt opens asking whether you want to “enable multi-factor auth”, as shown in the screenshot below.


Click "enable multi-factor auth". The prompt shows that MFA was enabled successfully; close the prompt.

You can see that the user account “Gtest” now has MFA enabled, as highlighted in the red box.

NOTE: Before you go ahead and enable MFA, go to the "Service settings" tab, where you can find options for creating customized application passwords.

There are also different verification options: you can choose which methods users can use to complete their MFA prompt when they are asked for second-factor verification of their account.

You can also avoid repeated MFA prompts by choosing “Allow users to remember MFA on devices they trust” and specifying the number of days.


You should now understand the step-by-step process of enabling MFA for users.

In the next article we will explain how to create Conditional Access policies that enforce MFA automatically for all users.
