4.5 Configure Azure MFA settings

Task 5: Configure Azure MFA settings.

In this task, you will configure MFA and enable MFA for aaduser1.

  1. In the Azure portal, navigate back to the AdatumLab500-04 Azure Active Directory tenant blade.

    Note: Make sure you are using the AdatumLab500-04 Azure AD tenant.

  2. On the AdatumLab500-04 Azure Active Directory tenant blade, in the Manage section, click Security.

  3. On the Security | Getting started blade, in the Manage section, click MFA.

  4. On the Multi-Factor Authentication | Getting started blade, click the Additional cloud-based MFA settings link.

    Note: This will open a new browser tab, displaying the multi-factor authentication page.

  5. On the multi-factor authentication page, click the service settings tab. Review verification options. Note that Text message to phone, Notification through mobile app, and Verification code from mobile app or hardware token are enabled. Click Save and then click close.

  6. Switch to the users tab, click the aaduser1 entry, click the Enable link, and, when prompted, click enable multi-factor auth.

  7. Notice the Multi-Factor Auth status column for aaduser1 is now Enabled.

  8. Click aaduser1 and notice that, at this point, you also have the Enforce option.

    Note: Changing the user status from Enabled to Enforced impacts only legacy Azure AD integrated apps which do not support Azure MFA and, once the status changes to Enforced, require the use of app passwords.

  9. With the aaduser1 entry selected, click Manage user settings and review the available options:

    • Require selected users to provide contact methods again.

    • Delete all existing app passwords generated by the selected users.

    • Restore multi-factor authentication on all remembered devices.

  10. Click Cancel and switch back to the browser tab displaying the Multi-Factor Authentication | Getting started blade in the Azure portal.

  11. In the Settings section, click Fraud alert.

  12. On the Multi-Factor Authentication | Fraud alert blade, configure the following settings:

    Setting                                       | Value
    Allow users to submit fraud alerts            | On
    Automatically block users who report fraud    | On
    Code to report fraud during initial greeting  | 0

  13. Click Save.

    Note: At this point, you have enabled MFA for aaduser1 and set up fraud alert settings.

  14. Navigate back to the AdatumLab500-04 Azure Active Directory tenant blade and, in the Manage section, click Properties. Next, click the Manage Security defaults link at the bottom of the blade. On the Enable Security Defaults blade, click No, select My Organization is using Conditional Access as the reason, and then click Save.

    Note: Ensure that you are signed in to the AdatumLab500-04 Azure AD tenant. You can use the Directory + subscription filter to switch between Azure AD tenants. Ensure you are signed in as a user with the Global Administrator role in the Azure AD tenant.
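
To confirm the result of steps 6 and 14 without returning to the portal, the following read-only audit can be run after the task. It is an added example, not part of the original lab. It assumes the Microsoft Graph PowerShell SDK is installed, that the scopes shown are sufficient in your tenant, and that the beta authentication/requirements endpoint is available; the function names are hypothetical.

```powershell
# Added example: read-only audit of what this task leaves behind.
# Needs the Microsoft.Graph.Authentication module and an interactive sign-in.
# Assumption: these delegated scopes are enough for the reads below.
Connect-MgGraph -Scopes 'Policy.Read.All', 'User.Read.All'

$graph = 'https://graph.microsoft.com'

function Get-SecurityDefaultsEnabled {
    # Step 14 sets this policy's isEnabled property to false.
    $policy = Invoke-MgGraphRequest -Method GET `
        -Uri "$graph/v1.0/policies/identitySecurityDefaultsEnforcementPolicy"
    [bool]$policy.isEnabled
}

function Get-PerUserMfaState {
    param([Parameter(Mandatory)][string]$UserId)
    # Assumption: beta endpoint; perUserMfaState is disabled, enabled or enforced.
    $req = Invoke-MgGraphRequest -Method GET `
        -Uri "$graph/beta/users/$UserId/authentication/requirements"
    [string]$req.perUserMfaState
}

function Get-AllUsers {
    # Follow @odata.nextLink so large tenants are fully enumerated.
    $uri = "$graph/v1.0/users?`$select=id,userPrincipalName"
    while ($uri) {
        $page = Invoke-MgGraphRequest -Method GET -Uri $uri
        $page.value
        $uri = $page.'@odata.nextLink'
    }
}

$defaultsOn = Get-SecurityDefaultsEnabled
"Security defaults enabled: $defaultsOn"

$report = foreach ($u in Get-AllUsers) {
    [pscustomobject]@{
        User       = $u.userPrincipalName
        PerUserMfa = Get-PerUserMfaState -UserId $u.id
    }
}
$report | Sort-Object PerUserMfa, User | Format-Table -AutoSize

# With security defaults off, accounts still 'disabled' here rely entirely on
# Conditional Access for MFA; list them for follow-up.
if (-not $defaultsOn) {
    $report | Where-Object PerUserMfa -eq 'disabled' | Select-Object -ExpandProperty User
}
```

After this task, aaduser1 should report enabled and security defaults should report False; any account listed at the end has no per-user MFA and needs a Conditional Access policy that covers it.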