Setup Multi-Factor Authentication | Azure
Content
Not sure the cause. The (personal) account not work Multi-Factor Authentication on Azure although had already set it. Other platforms required it and worked.
Visited this page - https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx. Not able to set "Mutl-Factor Auth" Status.
Tried to activate (Azure AD Premium P2) (Trial). Not work also.
Finally, have done it by set again "Two-Step Verification".
References
Is there a free version of Azure Multi-Factor Authentication?
#@ref https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-faq
#
In some instances, yes.
Multi-Factor Authentication for Azure Administrators offers a subset of Azure MFA features at no cost for access to Microsoft online services, including the Azure and Office 365 administrator portals. This offer only applies to global administrators in Azure Active Directory instances that don't have the full version of Azure MFA through an MFA license, a bundle, or a standalone consumption-based provider. If your admins use the free version, and then you purchase a full version of Azure MFA, then all global administrators are elevated to the paid version automatically.
Multi-Factor Authentication for Office 365 users offers a subset of Azure MFA features at no cost for access to Office 365 services, including Exchange Online and SharePoint Online. This offer applies to users who have an Office 365 license assigned, when the corresponding instance of Azure Active Directory doesn't have the full version of Azure MFA through an MFA license, a bundle, or a standalone consumption-based provider.
Enable Azure Multi-Factor Authentication
As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are:
• Azure Multi-Factor Authentication
• Azure Active Directory Premium
• Enterprise Mobility + Security
Azure Azure Multi-Factor Authentication (MFA) only works with work or school accounts
#@ref https://docs.microsoft.com/en-us/azure/active-directory/active-directory-privileged-identity-management-how-to-require-mfa
#
Right now, Azure Azure Multi-Factor Authentication (MFA) only works with work or school accounts, not Microsoft accounts (usually a personal account that's used to sign in to Microsoft services like Skype, Xbox, Outlook.com, etc.). Because of this, anyone using a Microsoft account can't be an eligible admin because they can't use MFA to activate their roles. If these users need to continue managing workloads using a Microsoft account, elevate them to permanent administrators for now.
• ENTERPRISE MOBILITY + SECURITY E5: Enterprise Mobility + Security E5 is the comprehensive cloud solution to address your consumerization of IT, BYOD, and SaaS challenges. In addition to Azure Active Directory Premium P2 the suite includes Microsoft Intune and Azure Rights Management.
• AZURE AD PREMIUM P2: With Azure Active Directory Premium P2 you can gain access to advanced security features, richer reports and rule based assignments to applications. Your end users will benefit from self-service capabilities and customized branding.
Azure Multi-Factor Auth Provider
#@ref https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-auth-provider
#
An Azure Multi-Factor Auth Provider is used to take advantage of features provided by the full version of Azure MFA. It is for users who do #not have licenses through Azure MFA, Azure AD Premium, or Enterprise Mobility + Security (EMS)
User Model:
• Per Authentication – purchasing model that charges per authentication. Typically used for scenarios that use Azure Multi-Factor Authentication in a consumer-facing application.
• Per Enabled User – purchasing model that charges per enabled user. Typically used for employee access to applications such as Office 365. Choose this option if you have some users that are already licensed for Azure MFA.
Subscription: The Azure subscription that is charged for two-step verification activity through the Provider.
Directory: The Azure Active Directory tenant that the Provider is associated with.
• You do not need an Azure AD directory to create a Provider. Leave this box blank if you are only planning to download the Azure Multi-Factor Authentication Server.
• The Provider must be associated with an Azure AD directory to take advantage of the advanced features.
• Only one Provider can be associated with any one Azure AD directory.
Azure Active Directory Identity Protection (Microsoft)
Identity verification apps: FAQ (Microsoft)
https://techcommunity.microsoft.com/t5/Azure-Active-Directory/ct-p/AzureActiveDirectory
Update
Not sure the cause. The (personal) account not work Multi-Factor Authentication on Azure although had already set it. Other platforms required it and worked.
Visited this page - https://account.activedirectory.windowsazure.com/usermanagement/multifactorverification.aspx. Not able to set "Mutl-Factor Auth" Status.
Multi-Factor Auth Status: Disabled
Tried to activate (Azure AD Premium P2) (Trial). Not work also.
Licenses not assigned
License cannot be assigned to a user without a usage location specified.
License assignment failed for 1 user.
{"errorCode":"LicenseAssignmentError","localizedErrorDetails":null,"operationResults"
[...]
Finally, have done it by set again "Two-Step Verification".
References
Is there a free version of Azure Multi-Factor Authentication?
#@ref https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-faq
#
In some instances, yes.
Multi-Factor Authentication for Azure Administrators offers a subset of Azure MFA features at no cost for access to Microsoft online services, including the Azure and Office 365 administrator portals. This offer only applies to global administrators in Azure Active Directory instances that don't have the full version of Azure MFA through an MFA license, a bundle, or a standalone consumption-based provider. If your admins use the free version, and then you purchase a full version of Azure MFA, then all global administrators are elevated to the paid version automatically.
Multi-Factor Authentication for Office 365 users offers a subset of Azure MFA features at no cost for access to Office 365 services, including Exchange Online and SharePoint Online. This offer applies to users who have an Office 365 license assigned, when the corresponding instance of Azure Active Directory doesn't have the full version of Azure MFA through an MFA license, a bundle, or a standalone consumption-based provider.
Enable Azure Multi-Factor Authentication
As long as your users have licenses that include Azure Multi-Factor Authentication, there's nothing that you need to do to turn on Azure MFA. You can start requiring two-step verification on an individual user basis. The licenses that enable Azure MFA are:
• Azure Multi-Factor Authentication
• Azure Active Directory Premium
• Enterprise Mobility + Security
Azure Azure Multi-Factor Authentication (MFA) only works with work or school accounts
#@ref https://docs.microsoft.com/en-us/azure/active-directory/active-directory-privileged-identity-management-how-to-require-mfa
#
Right now, Azure Azure Multi-Factor Authentication (MFA) only works with work or school accounts, not Microsoft accounts (usually a personal account that's used to sign in to Microsoft services like Skype, Xbox, Outlook.com, etc.). Because of this, anyone using a Microsoft account can't be an eligible admin because they can't use MFA to activate their roles. If these users need to continue managing workloads using a Microsoft account, elevate them to permanent administrators for now.
• ENTERPRISE MOBILITY + SECURITY E5: Enterprise Mobility + Security E5 is the comprehensive cloud solution to address your consumerization of IT, BYOD, and SaaS challenges. In addition to Azure Active Directory Premium P2 the suite includes Microsoft Intune and Azure Rights Management.
• AZURE AD PREMIUM P2: With Azure Active Directory Premium P2 you can gain access to advanced security features, richer reports and rule based assignments to applications. Your end users will benefit from self-service capabilities and customized branding.
Azure Multi-Factor Auth Provider
#@ref https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-get-started-auth-provider
#
An Azure Multi-Factor Auth Provider is used to take advantage of features provided by the full version of Azure MFA. It is for users who do #not have licenses through Azure MFA, Azure AD Premium, or Enterprise Mobility + Security (EMS)
User Model:
• Per Authentication – purchasing model that charges per authentication. Typically used for scenarios that use Azure Multi-Factor Authentication in a consumer-facing application.
• Per Enabled User – purchasing model that charges per enabled user. Typically used for employee access to applications such as Office 365. Choose this option if you have some users that are already licensed for Azure MFA.
Subscription: The Azure subscription that is charged for two-step verification activity through the Provider.
Directory: The Azure Active Directory tenant that the Provider is associated with.
• You do not need an Azure AD directory to create a Provider. Leave this box blank if you are only planning to download the Azure Multi-Factor Authentication Server.
• The Provider must be associated with an Azure AD directory to take advantage of the advanced features.
• Only one Provider can be associated with any one Azure AD directory.
Azure Active Directory Identity Protection (Microsoft)
Identity verification apps: FAQ (Microsoft)
https://techcommunity.microsoft.com/t5/Azure-Active-Directory/ct-p/AzureActiveDirectory
Update