Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security...
Transcript of Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security...
![Page 1: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/1.jpg)
Denis MihićFounder and IT ArchitectMCT, MCSE: Cloud and Management | MCSE: Server Infrastructure
MCITP | MCTS | MCSA | MCSE:Security
Implementing and Managing Azure Multi-factor Authentication
![Page 2: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/2.jpg)
![Page 3: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/3.jpg)
O predavaču
• 5 godina Microsoft MVP Cloud and Datacenter• Microsoft Certified Trainer
• MCSE: Cloud and Management, MCSE: Server
Infrastructure, MCSA, MCSE:Security• Voditelj Hercegovina MS Community-a• Predavač na svim konferencijama u regionu• Microsoft certificiran od 2006 godine• 40+ certifikata (Microsoft, Vmware, Cisco, Barracuda)
![Page 4: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/4.jpg)
Agenda
• Understanding Azure Multi-factor Authentication• Configuring Azure MFA in the Cloud• Implementing Azure MFA Server On-premises• Duo Security (free edition)
![Page 5: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/5.jpg)
2017 Poll of Internet Users
![Page 6: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/6.jpg)
Username and password no longer enough
Azure Multi-factor Authentication• Global service• Second factor of authentication• For Cloud based systems and on-premise
systems• Using standard Mobile phones
![Page 7: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/7.jpg)
What is multi-factor authentication?
Any two or more of the following factors:
Stronger when using two different channels (out-of-band).
![Page 8: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/8.jpg)
What is Azure Multi-Factor Authentication?
An Azure Identity and Access management service that prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication
Trusted by thousands of enterprises to authenticate employee, customer, and partner access.
![Page 9: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/9.jpg)
How It Works
![Page 10: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/10.jpg)
Microsoft Azure Multi-Factor Authentication flavors
• Azure Multi-Factor Authentication stand-alone
• Included in Azure Active Directory Premium
• Free for Azure administrators
• A subset of Azure MFA functionality included in Office 365
![Page 11: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/11.jpg)
MFA for Office 365 Azure Multi-FactorAuthentication
Administrators can Enable/Enforce MFA to end-users Yes Yes
Use Mobile app (online and OTP) as second authentication factor Yes Yes
Use Phone call as second authentication factor Yes Yes
Use SMS as second authentication factor Yes Yes
Application passwords for non-browser clients (e.g. Outlook, Lync) Yes Yes
Default Microsoft greetings during authentication phone calls Yes Yes
Remember Me (Public Preview coming in June)* Yes Yes
Custom greetings during authentication phone calls Yes
Fraud alert Yes
MFA SDK Yes
Security Reports Yes
MFA for on-premises applications/ MFA Server. Yes
One-Time Bypass Yes
Block/Unblock Users Yes
Customizable caller ID for authentication phone calls Yes
Event Confirmation Yes
IP Whitelist (currently in Public Preview)* Yes
![Page 12: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/12.jpg)
No devices or certificates to purchase, provision, and maintain
No end user training is required
Users replace their own lost or broken phones
Users manage their own authentication methods and phone numbers
Integrates with existing directory for centralized user management and automated enrollment
Convenience
![Page 13: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/13.jpg)
Demo u screen-ovima
![Page 14: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/14.jpg)
Activate Azure Active Directory Premium
• 30 days trial• include Multi-factor authentication
![Page 15: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/15.jpg)
Cloud setup
![Page 16: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/16.jpg)
Demo
![Page 17: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/17.jpg)
On-premise setup
![Page 18: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/18.jpg)
![Page 19: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/19.jpg)
Duo Security (free)
![Page 20: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/20.jpg)
![Page 21: Denis Mihić · • MCSE: Cloud and Management, MCSE: Server Infrastructure, MCSA, MCSE:Security • Voditelj Hercegovina MS Community-a • Predavač na svim konferencijama u regionu](https://reader030.fdocuments.in/reader030/viewer/2022040409/5f3777773450da4b53757c43/html5/thumbnails/21.jpg)