Azure Active Directory Second Factor Authentication








All Microsoft Cloud Services store user objects in Azure Active Directory, and it now supports a second factor of authentication.

This is ONLY for non-federated users, so if you are federated using ADFS you will have to install your own second factor on your ADFS server.


Authentication methods this second factor supports:

– Cloud Identity
– Directory Synchronized Identity
– Directory Synchronized Identity and Password

It is enabled per user, so you choose which users to activate. Users enroll their device themselves at first logon after we have activated the second factor for them.

Second factor authentication options:
– Receive SMS
– Receive a Mobile Call
– Receive a landline Call (Not Lync)
– Mobile App

I prefer the mobile app, as I am used to it from my online banking.

Choose the Mobile App. You will then need to download it from the application store of your mobile device: Multi-Factor Authentication by PhoneFactor, Inc.


After the installation, continue on your login page: let the application scan the QR code, then enter the first one-time access code.


Your next logon will ask for a one-time access code from the app after you have provided the portal with your username and password 🙂


One response to “Azure Active Directory Second Factor Authentication”

  1. […] So with PowerShell we can grant users the policy of PasswordNeverExpires, which in some cases is good enough security. Perhaps together with a second factor for authentication. […]



I am Roy Apalnes, a Microsoft Cloud Evangelist working at Sopra Steria. Main focus in Microsoft Security and Endpoint Management, with a bigger picture in mind.
