1.

Objective – Configure verification methods

1. At the top of the portal, search for and select azure active directory
2. Select Users from the menu on the left-hand side.
3. At the top of the Users windows, select Multi-Factor Authentication
4. Choose Service Settings, then review the Verification options. Uncheck the option for
Verification code from mobile app or token.
5. Note how you can allow users to remember MFA on trusted devices, but you can define the
time period before they’re prompted to re-authenticate.
6. When ready, select Save. Leave this Multi-Factor Authentication window open for the next
exercise.

2. Objective – Configure user accounts for MFA

1. In the Multi-Factor Authentication window, select Users
2. Select your user from the previous lab, such as azureuser. On the right-hand side select
Enable, then confirm with Enable multi-factor auth.
3. The next time the user signs in, they’re prompted to register their MFA details. You do this
in the next exercise.

Note that this per-user approach may be expected on the exam, but isn’t necessarily the
best way to enable Azure Multi-Factor Authentication. Conditional Access policies are a
better way to control authentication for groups of users, or based on specific behavior
patterns.

4. Open an InPrivate or Incognito window in your web browser to https://portal.azure.com.

When prompted to sign in, enter the credentials you copied to a text editor in the previous
labs, such as for azureuser@<yourtenant>.onmicrosoft.com
5. Enter the password you set in the previous exercise, and you’re then prompted that more
information is needed – this is the prompt to register for Azure Multi-Factor
Authentication. Select Next
6. If you’re able to complete these steps, follow the prompts to set a contact information and
receive a code via text message. SMS charges may apply here depending on your carrier. If
you don’t want to continue due to potential costs, that’s fine – just read through the next
couple of steps so you know what a user sees during the process.
7. A six-digit code is sent via SMS message. When you receive this code, enter it into the
portal, then select Verify
8. An app password is shown for applications that don’t support Multi-Factor Authentication.
For these labs, you won’t need this, but note that some users may require additional steps
to configure their applications if needed.
9. Select Done, and you should be directed to the Azure portal. In the top right-hand corner,
select your user account, then choose Sign out
10. After you’re signed out, choose to sign back in again. Enter you credentials, such as
azureuser@<yourtenant>.onmicrosoft.com and your password, and after you sign in, you
receive the multi-factor authentication prompt. A text message is sent to your phone, and
 you’re prompted to enter the code in the sign in dialog to continue. Enter this code, and
the sign in process continues and directs you to the Azure portal.

3. Objective – Configure verification methods

1. At the top of the portal, search for and select azure active directory
2. Select Security from the menu on the left-hand side.
3. Choose Named locations, then select + New location
4. You can define IP ranges for a location or select an entire country. Take care if you mark as a
trusted location, as this lowers a user’s perceived sign in risk. The goal is to define known
locations to help Azure AD understand where sign in attempts are coming from. In our
example here, the azureuser is always prompted for MFA, but using Conditional Access
policies, that may not be the case.

Enter the following configuration information. If not noted below, use the defaults:

Name: Training office

Mark as trusted location: Checked
IP ranges: 13.64.0.0/16
You’d specify your own known IP ranges - this example is an Azure datacenter
range for West US.

5. When ready, select Create