Azure Multi-Factor Authentication

  • Author: Ronald Fung

  • Creation Date: 1 June 2023

  • Next Modified Date: 1 June 2024


A. Introduction

If your organization is federated with Azure AD, you can use Azure AD Multi-Factor Authentication to secure AD FS resources, both on-premises and in the cloud. Azure AD Multi-Factor Authentication enables you to eliminate passwords and provide a more secure way to authenticate. With AD FS, you can configure Azure AD Multi-Factor Authentication for primary authentication or use it as an additional authentication provider.

Unlike with AD FS in Windows Server 2012 R2, the AD FS 2016 Azure AD Multi-Factor Authentication adapter integrates directly with Azure AD and doesn’t require an on-premises Azure AD Multi-Factor Authentication server. The Azure AD Multi-Factor Authentication adapter is built into Windows Server 2016. No other installation is required.


B. How is it used at Seagen

As a biopharma research company using Microsoft Azure, you can use Azure Multi-Factor Authentication (MFA) to add an extra layer of security to your organization’s cloud resources. Here are some ways you can use Azure MFA:

  1. User authentication: Azure MFA can be used to authenticate user identities, requiring users to provide two or more forms of authentication before accessing cloud resources.

  2. Conditional access: Azure MFA can be used to set conditional access policies, which can be used to restrict access to cloud resources based on user location, device type, or other factors.

  3. Single sign-on (SSO): Azure MFA can be used with Azure Active Directory (Azure AD) to provide users with SSO access to cloud resources, making it easier for users to access the resources they need.

  4. Customization: Azure MFA can be customized to meet the specific needs of your organization, including custom branding and policy configuration.

  5. Integration: Azure MFA can be integrated with a wide range of Microsoft and third-party applications and services, making it a flexible and versatile solution for securing cloud resources.

Overall, by leveraging Azure MFA, you can add an extra layer of security to your organization’s cloud resources, protecting against unauthorized access and helping to ensure the confidentiality, integrity, and availability of your data. By using Azure MFA to authenticate user identities, set conditional access policies, provide SSO access to cloud resources, customize the solution to meet your specific needs, and integrate it with other applications and services, you can effectively secure your organization’s cloud resources and protect against cyber threats.


C. Features

Azure Multi-Factor Authentication (MFA) is a cloud-based service that provides an extra layer of security to protect against unauthorized access to your organization’s cloud resources. Here are some of the key features of Azure MFA:

  1. User authentication: Azure MFA requires users to provide two or more forms of authentication before accessing cloud resources, providing an additional layer of security beyond traditional username and password authentication.

  2. Conditional access: Azure MFA can be used to set conditional access policies, which can be used to restrict access to cloud resources based on user location, device type, or other factors.

  3. Single sign-on (SSO): Azure MFA can be used with Azure Active Directory (Azure AD) to provide users with SSO access to cloud resources, making it easier for users to access the resources they need.

  4. Customization: Azure MFA can be customized to meet the specific needs of your organization, including custom branding and policy configuration.

  5. Integration: Azure MFA can be integrated with a wide range of Microsoft and third-party applications and services, making it a flexible and versatile solution for securing cloud resources.

  6. Multi-factor authentication methods: Azure MFA supports a range of authentication methods, including phone call, text message, mobile app notification, and hardware token.

  7. Reporting and monitoring: Azure MFA provides reporting and monitoring capabilities, allowing administrators to monitor authentication activity and identify potential security issues.



D. Where Implemented

LeanIX


E. How it is tested

Testing Azure Multi-Factor Authentication (MFA) involves verifying that the service is properly configured and that it is effectively providing an extra layer of security to protect against unauthorized access to your organization’s cloud resources. Here are some steps you can take to test Azure MFA:

  1. Verify configuration: Verify that Azure MFA is properly configured and integrated with your Azure account and resources.

  2. Test user authentication: Test Azure MFA by requiring users to provide two or more forms of authentication before accessing cloud resources, ensuring that the service is effectively authenticating user identities.

  3. Test conditional access: Test Azure MFA by setting conditional access policies, which can be used to restrict access to cloud resources based on user location, device type, or other factors, ensuring that the service is effectively controlling access to cloud resources.

  4. Test SSO: Test Azure MFA by providing users with SSO access to cloud resources, making it easier for users to access the resources they need.

  5. Test customization: Test Azure MFA by customizing the solution to meet the specific needs of your organization, including custom branding and policy configuration.

  6. Test integration: Test Azure MFA by integrating it with other applications and services, making it a flexible and versatile solution for securing cloud resources.

  7. Test multi-factor authentication methods: Test Azure MFA by verifying that it supports a range of authentication methods, including phone call, text message, mobile app notification, and hardware token.

  8. Test reporting and monitoring: Test Azure MFA by monitoring authentication activity and identifying potential security issues.

Overall, testing Azure MFA involves verifying that the service is effectively providing an extra layer of security to protect against unauthorized access to your organization’s cloud resources. By taking these steps, you can ensure that you are effectively using Azure MFA to secure your organization’s cloud resources and protect against cyber threats.
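One way to turn steps 2, 3 and 8 into a repeatable check is to run assertions over exported sign-in records. The following is an added example, not part of the original document: the records are constructed, the field names (`authenticationRequirement`, `conditionalAccessStatus`, `status.errorCode`) are assumed to match an Azure AD sign-in log JSON export, and the "Legacy Reporting" application and all users are hypothetical.

```python
from collections import Counter

MFA_FAILED = 500121  # AADSTS500121: authentication failed during the strong authentication request


def record(user, app, requirement, ca_status, error_code):
    """Build one constructed sign-in record in the assumed export shape."""
    return {
        "userPrincipalName": user,
        "appDisplayName": app,
        "authenticationRequirement": requirement,
        "conditionalAccessStatus": ca_status,
        "status": {"errorCode": error_code},
    }


# Constructed sample data, not real tenant logs.
SAMPLE_SIGNINS = [
    record("alice@example.com", "LeanIX", "multiFactorAuthentication", "success", 0),
    record("bob@example.com", "LeanIX", "singleFactorAuthentication", "notApplied", 0),
    record("carol@example.com", "Legacy Reporting", "singleFactorAuthentication", "notApplied", 0),
    record("dave@example.com", "LeanIX", "multiFactorAuthentication", "failure", MFA_FAILED),
    record("dave@example.com", "LeanIX", "multiFactorAuthentication", "failure", MFA_FAILED),
    record("dave@example.com", "LeanIX", "multiFactorAuthentication", "failure", MFA_FAILED),
    record("erin@example.com", "LeanIX", "multiFactorAuthentication", "failure", MFA_FAILED),
]


def single_factor_successes(signins):
    """Step 2: successful sign-ins that completed without a second factor."""
    return [s["userPrincipalName"] for s in signins
            if s["status"]["errorCode"] == 0
            and s["authenticationRequirement"] == "singleFactorAuthentication"]


def apps_without_policy(signins):
    """Step 3: apps with successful sign-ins that no conditional access policy evaluated."""
    return sorted({s["appDisplayName"] for s in signins
                   if s["status"]["errorCode"] == 0
                   and s["conditionalAccessStatus"] == "notApplied"})


def repeated_mfa_failures(signins, threshold=3):
    """Step 8: users whose MFA challenge failed at least `threshold` times."""
    counts = Counter(s["userPrincipalName"] for s in signins
                     if s["status"]["errorCode"] == MFA_FAILED)
    return {user: n for user, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    print("Single-factor successes:", single_factor_successes(SAMPLE_SIGNINS))
    print("Apps with no policy applied:", apps_without_policy(SAMPLE_SIGNINS))
    print("Repeated MFA failures:", repeated_mfa_failures(SAMPLE_SIGNINS))
```

A non-empty result from the first two functions means a policy gap to close; the third gives a short list of accounts to review for a misconfigured method or unexpected prompts.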


F. 2023 Roadmap

????


G. 2024 Roadmap

????


H. Known Issues

Like any software or service, there may be known issues or limitations with Azure Multi-Factor Authentication (MFA) that users should be aware of. Here are some of the known issues with Azure MFA:

  1. Complexity: Azure MFA can be complex to configure and use, particularly for organizations with limited experience in multi-factor authentication.

  2. Cost: Azure MFA can be expensive, particularly for organizations that require advanced multi-factor authentication capabilities or that require a high level of support and customization.

  3. Limited customization: While Azure MFA allows users to customize the interface, there may be limitations to the level of customization that is possible, which can limit the ability of users to configure the service to their specific needs.

  4. Integration: While Azure MFA can be integrated with a wide range of Microsoft and third-party applications and services, there may be compatibility issues that need to be addressed.

  5. User experience: Azure MFA can add an extra layer of complexity to the authentication process, which can impact the user experience.

  6. Reliability: Azure MFA may experience occasional outages or service disruptions, which can impact the availability of cloud resources.

Overall, while Azure MFA offers a powerful tool for securing cloud resources, users must be aware of these known issues and take steps to mitigate their impact. This may include carefully managing costs to ensure that they stay within their budget, carefully configuring the service to meet the specific needs of their data, and carefully monitoring authentication activity to ensure that the service is effectively authenticating user identities and controlling access to cloud resources. By taking these steps, users can ensure that they are effectively using Azure MFA to secure their organization’s cloud resources and protect against cyber threats.


[x] Reviewed by Enterprise Architecture

[x] Reviewed by Application Development

[x] Reviewed by Data Architecture