- Microsoft guarantees 99.9% availability of Azure MFA.
- The service is considered unavailable when it is unable to receive or process verification requests for the two-step verification.
Step-by-Step Demo
Navigate to the Azure Active Directory from your Azure dashboard.
Next, click on Users.
It will show the list of all users. On top, you will see Multi-Factor Authentication. Click on that and it will open up a new window in the browser.
From the list that shows up, click on a user and enable the multi-factor authentication. Currently, the status shows as disabled.
After enabling it, you can see the status is changed to Enabled.
Back in the portal, go to the users' list and click on "Reset password". Now, we are going to see what the user will experience while signing in.
It will open up this blade. Click on Reset Password.
It will reset the password and will generate a temporary password. Copy it and keep it aside for some time.
Now, we need to log in as that user with their newly-generated password.
Login to the portal from a new private/incognito window.
The user will be prompted with this screen. Click on 'Set it up now'.
You will then be prompted to choose an authentication method. Here I have chosen an authentication phone and chosen to receive a text message. Once you are done with this, click on next.
Once you receive the code, enter it and click on verify.
Next the user will be given a generated password for existing applications. Click on Done.
You will be asked to change your password since Azure knows that your Admin has changed your password. Create a new password and click on sign in.
The user will be then logged into their Azure account.
Back in the MFA page, you can see that the status would now show 'Enforced', meaning that the user has now changed the password. Next, click on service settings to explore some basic settings.
Here you will be able to change the general service settings.
Hence, this is how we can establish the multi-factor authentication in Azure Active Directory.