2. Dr. Authentication Or, How I Learned To Stop Worrying And Love The Azure MFA
Saša Kranjac MCT, CEI
Security, Azure, Windows Internals

3. 10/5/ :59 PM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

4. 10/5/ :59 PM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

5. What is Multi-Factor Authentication?
10/5/ :59 PM
What is Multi-Factor Authentication?
Identity Confirmation With Something You:
Know: PIN, Password
Have: Smart Card, Credit Card, Phone, Token
Are: Fingerprint, Eye Retina, Palm
01234
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6. What is Azure Multi-Factor Authentication?
10/5/ :59 PM
What is Azure Multi-Factor Authentication?
An Azure Service providing an additional level of authentication that prevents unauthorized access to both on-premises and cloud applications.
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. How to get Azure MFA? Part of Azure AD Premium and
10/5/ :59 PM
How to get Azure MFA?
Part of Azure AD Premium and
Enterprise Mobility Suite (EMS)
(AAD Premium, Azure RMS, Intune) OR
Create a MFA Provider in Azure
Per Authentication
Per Enabled User
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

8. How to get Azure MFA? 10/5/2017 12:59 PM
Office 365
Exclusively for Office 365 Applications
With Office 365 Subscription
Azure Administrators
Every Azure Admin Gets MFA for FREE
Azure MFA
With Subscription
Full Capabilities
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. MFA For Azure Administrators Azure Multi-Factor Authentication
Feature
MFA For Office 365
MFA For Azure Administrators
Azure Multi-Factor Authentication
Administrators can protect accounts with MFA 
(Azure Admins Only)
Mobile app as a second factor
Phone call as a second factor
SMS as a second factor
App passwords for clients that don't support MFA
Admin control over authentication methods  
PIN mode
Fraud alert
MFA Reports
One-Time Bypass
Custom greetings for phone calls
Customization of caller ID for phone calls
Event Confirmation
Trusted IPs
Suspend MFA for remembered devices
MFA SDK
MFA for on-premises applications using MFA server

10. Where and what? User Location Solution Azure Active Directory
MFA in the cloud
Azure AD + on-premises AD using AD FS
MFA in the cloud and Server
Azure AD and on-premises AD using AD FS
Azure AD + on-premises AD using DirSync,
Azure AD Sync,
Azure AD Connect - no password sync
Azure AD Connect - with password sync
On-premises Active Directory
MFA Server

11. What are you trying to secure
Where and what?
What are you trying to secure
MFA in the cloud
MFA Server
First party Microsoft apps 
SaaS apps in the app gallery
IIS applications published through Azure AD App Proxy
IIS applications not published through Azure AD App Proxy
Remote access such as VPN, RDG

12. Authentication using something you KNOW:
Mobile App
Phone Call
Text Message

13. Authentication
1. Users sign in from any device using existing username/password
2. Users MUST authenticate using phone or mobile device before access is granted
Cloud apps
On-premises apps
Active Directory
or other LDAP
Multi-factor authentication service
Multi-factor authentication service
Java, .NET, PHP…
SAML
RADIUS
LDAP IIS
RDS/VDI

14. Authentication 1. User Authenticates and Requires MFA
2. Auth is passed to the MFA Server
3,4 Auth to the identity provider
5. MFA Server checks with the MFA service using TCP port 443
6, 7 Call, SMS, App
8. Notifies the MFA Server to allow authentication
9. The MFA Server allows the client devices

15. 01234
No devices or certificates to purchase, provision, and maintain
Suitable
No end user training is required
Users replace their own lost or broken phones
Users manage their own authentication methods and phone numbers
Integrates with existing directory for centralized user management and automated enrollment

16. Scalable Works with all leading on-premises applications
Supports ADFS and SAML-based apps for federation to the cloud
Built into Microsoft Azure Active Directory for use with cloud apps
SDK for integration with custom apps and directories
Reliable, scalable service supports high-volume, mission-critical scenarios

17. Secure Strong multi-factor authentication Real-Time Fraud Alert
PIN option
Reporting and logging for auditing
Enables compliance with NIST Level 3, HIPAA, PCI DSS, and other regulatory requirements

18. Preferred text layout (no bullets)
10/5/ :59 PM
Preferred text layout (no bullets)
Main topic 1: size 40pt
Size 20pt for the subtopics
Main topic 2: size 40pt
Main topic 3: size 40pt
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

19. Demo
Azure MFA nuts and bolts

20. Photo layout 1 Main topic 1: size 40pt Main topic 2: size 40pt
10/5/ :59 PM
Photo layout 1
Main topic 1: size 40pt
Size 20pt for the subtopics
Main topic 2: size 40pt
Main topic 3: size 40pt
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

21. 10/5/ :59 PM
Section title
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

22. Type that is size 54pt and larger should be condensed by 1pt
10/5/ :59 PM
Character spacing
Type that is size 54pt and larger should be condensed by 1pt
Type that is smaller than 54pt should be normal
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

23. Sample charts & tables 10/5/2017 12:59 PM
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

24. Adoption curve Type 4 Type 5 Type 3 Type 2 Type 6 Type 1 Type 7 (17%)
(12%)
Type 3
(11%)
Type 4
(19%)
Type 6
Type 5
(14%)
Type 7
(15%)
Category 1
Category 2

25. Table Column 1 Column 2 Column 3 Column 4 Column 5 Column 6 Column 7
Row 1
17%
12%
11%
19%
14%
15%
Row 2
78%
61%
36%
25% 2%
Row 3
24%
18%
21% 9% 8%
Row 4
64%
46%
41%
47%
26%
Row 5
63%
44%
50%
28%
39%
35%
Row 6 4% 1%
Row 7 5% 3%
Row 8 6%
Row 9 7% 0%

26. Clean and modern 80 want to try it again 89 would purchase it
10/5/ :59 PM
Clean and modern
80 want to try it again
89 would purchase it
68 are indifferent
77 totally love it
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

27. 10/5/ :59 PM
Pie chart 1
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

28. Horizontal bar chart Label 1 Label 2 Label 3 Label 4 Label 5
10/5/ :59 PM
Horizontal bar chart
Label 1
Label 2
Label 3
Label 4
Label 5
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

29. 2 column table Tables are easy to modify
10/5/ :59 PM
2 column table Tables are easy to modify
Text
Tip: To quickly add a row, place cursor in this last cell and hit Tab key
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

30. 3 column table Tables are easy to modify
10/5/ :59 PM
3 column table Tables are easy to modify
Table header
Text
Tip: To quickly add a row, place cursor in this last cell and hit Tab key
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

31. Izpolnite anketo! Vam je bilo predavanje všeč?
Ste se naučili kaj novega?
Vaše mnenje nam veliko pomeni!
Da bo NT konferenca prihodnje leto še boljša, vas prosimo, da izpolnite anketo o zadovoljstvu, ki jo najdete v svojem NTK spletnem profilu.

32. 10/5/ :59 PM
© 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.