SALES: 1-800-867-1380

Configuring Advanced Multi-Factor Authentication Settings

Published: May 20, 2013

Updated: September 23, 2014

The following section describes the advanced settings that are available for configuration and use with Azure Multi-Factor Authentication.

The following document describes how to setup and enable the fraud alert feature for Azure Multi-Factor Authentication. It provides the steps on the following:

WarningWarning
Be aware that if your Multi-Factor Authentication Provider is not associated with an Azure Active Directory Tenant then even if you configure Fraud Alert using the Azure Multi-Factor Authentication Portal, it will not be applied to your users.

The following procedure will describe how to setup and configure fraud alert for Azure Multi-Factor Authentication. This procedure assumes that you already have created an Multi-Factor Auth Provider. For information on creating an Multi-Factor Auth Provider see Creating an Multi-Factor Authentication Provider.

  1. Log on to http://azure.microsoft.com

  2. On the left, select Active Directory.

  3. At the top select Multi-Factor Auth Providers. This will bring up a list of your Multi-Factor Auth Providers.

  4. If you have more than one Multi-Factor Auth Provider, select the one you wish to enable fraud alerting on and click Manage at the bottom of the page. If you have only one, just click Manage. This will open the Azure Multi-Factor Authentication Management Portal.

  5. On the Azure Multi-Factor Authentication Management Portal, on the left, click Settings.

  6. Under the Fraud Alert section, place a check in Allow users to submit Fraud Alerts.

  7. If you want users to be blocked when fraud is reported, place a check in Block user when fraud is reported.

  8. In the box under Code To Report Fraud During Initial Greeting enter a number code that can be used during call verification. If a user enters this code, instead of the # sign, then a fraud alert will be reported.

  9. At the bottom, click Save.

Active Auth Settings

The following procedure will describe how report fraud for Azure Multi-Factor Authentication. This procedure assumes that you already the mobile app installed and configured on your phone and that it has been setup in the additional security verification section. For information on setting up the Mobile App see Using Mobile App as your contact method.

  1. When a verification is sent to your phone click on it and it will start the Multi-Factor Authentication app.

    Verify Fraud

  2. To report fraud, click the Cancel and Report Fraud. This will bring up a box that says your organizations IT Support staff will be notified. Click report fraud.

    report fraud

  3. On the app, click Close.

  1. When a verification call comes in to your phone answer it.

  2. To report fraud, enter the code that has been configured to correspond with reporting fraud via the phone and then the # sign. You will be notified that a fraud alert has been submitted.

  3. End the call.

The following procedure will describe how to view the fraud alert report in the Azure Multi-Factor Authentication portal.

  1. Log on to http://azure.microsoft.com

  2. On the left, select Active Directory.

  3. At the top select Multi-Factor Auth Providers. This will bring up a list of your Multi-Factor Auth Providers.

  4. If you have more than one Multi-Factor Auth Provider, select the one you wish to view the fraud alert report and click Manage at the bottom of the page. If you have only one, just click Manage. This will open the Azure Multi-Factor Authentication Management Portal.

  5. On the Azure Multi-Factor Authentication Management Portal, on the left, under View A Report, click Fraud Alert.

  6. Specify the date range that you wish to view in the report. Also you can specify any specific usernames, phone numbers and the users status.

  7. Click Run. This will bring up a report similar to the one below. You can also click Export to CSV if you wish to export the report.

    Azure_2FA_62

The following document describes how to setup and enable the one-time bypass feature for Azure Multi-Factor Authentication. Multi-Factor Authentication can be bypassed to allow a user to authenticate a single time. The bypass is temporary and expires after the specified number of seconds. Use the following procedures to enable a one-time bypass or to revoke a one-time bypass. The following procedures are covered in this document.

WarningWarning
Be aware that if your Multi-Factor Authentication Provider is not associated with an Azure Active Directory Tenant then even if you configure One-Time Bypass using the Azure Multi-Factor Authentication Portal, it will not be applied to your users.

The following procedure will describe how to configure a one-time bypass for Azure Multi-Factor Authentication. This procedure assumes that you already have created an Multi-Factor Auth Provider. For information on creating an Multi-Factor Auth Provider see Creating an Multi-Factor Authentication Provider.

  1. Log on to http://azure.microsoft.com

  2. On the left, select Active Directory.

  3. At the top select Multi-Factor Auth Providers. This will bring up a list of your Multi-Factor Auth Providers.

  4. If you have more than one Multi-Factor Auth Provider, select the one that is associated with the directory for the user you wish to create a one-time bypass for and click Manage at the bottom of the page. If you have only one, just click Manage. This will open the Azure Multi-Factor Authentication Management Portal.

  5. On the Azure Multi-Factor Authentication Management Portal, on the left, under User Administration, click One-Time Bypass.

    onetimebypass1

  6. On the One-Time Bypass page, click New One-Time Bypass.

  7. Enter the user’s username, the number of seconds that the bypass will exist, the reason for the bypass and click Bypass.

    WarningWarning
    Be sure to enter the full username, for instance, if my user was bsimon@contoso.onmicrosoft.com, I would enter bsimon@contoso.onmicrosoft.com for the username and not bsimon.

    onetimebypass1

  8. At this point, the user must sign in before the one-time bypass expires.

The following procedure will describe how to view the Bypass User History Report in the Azure Multi-Factor Authentication portal.

  1. Log on to http://azure.microsoft.com

  2. On the left, select Active Directory.

  3. At the top select Multi-Factor Auth Providers. This will bring up a list of your Multi-Factor Auth Providers.

  4. If you have more than one Multi-Factor Auth Provider, select the one that is associated with the directory for the user you wish to create a one-time bypass for and click Manage at the bottom of the page. If you have only one, just click Manage. This will open the Azure Multi-Factor Authentication Management Portal.

  5. On the Azure Multi-Factor Authentication Management Portal, on the left, under View A Report, click Bypassed User History.

  6. Specify the date range that you wish to view in the report. Also you can specify any specific usernames, phone numbers and the users status.

  7. Click Run. This will bring up a report similar to the one below. You can also click Export to CSV if you wish to export the report.

    onetimebypass3

The following document describes how to setup and configure the custom voice message feature for Azure Multi-Factor Authentication. It provides the steps on the following:

The following procedure will describe how to setup and configure custom voice messages for Azure Multi-Factor Authentication. This procedure assumes that you already have created an Multi-Factor Auth Provider. For information on creating an Multi-Factor Auth Provider see Creating an Multi-Factor Authentication Provider.

  1. Create a custom voice message using one of the supported file formats. See Custom Voice Message Recommendations below.

  2. Log on to http://azure.microsoft.com

  3. On the left, select Active Directory.

  4. At the top select Multi-Factor Auth Providers. This will bring up a list of your Multi-Factor Auth Providers.

  5. If you have more than one Multi-Factor Auth Provider, select the one you wish to configure the custom voice message on and click Manage at the bottom of the page. If you have only one, just click Manage. This will open the Azure Multi-Factor Authentication Management Portal.

  6. On the Azure Multi-Factor Authentication Management Portal, on the left, click Voice Messages.

    vm1

  7. Under the Voice Messages section, click New Voice Message.

    vm2

  8. On the Configure: New Voice Messages page, click Manage Sound Files.

    vm2

  9. On the Configure: Sound Files page, click Upload Sound File.

    vm4

  10. On the Configure: Upload Sound File, click Browse and navigate to your voice message, click Open.

  11. Add a Description and click Upload.

  12. Once this completes, you will see a message that you have successfully uploaded the file.

  13. On the left, click Voice Messages.

  14. Under the Voice Messages section, click New Voice Message.

  15. From the Language drop-down, select a language.

  16. If this message is for a specific application, specify it in the Application box.

  17. From the Message Type, select the message type that will be overridden with our new custom message.

  18. From the Sound File drop-down, select your sound file.

  19. Click Create. You will see a message that says you have successfully created a voice message.

    WarningWarning
    It may take a few minutes for this message to become active.

    vm5

The following is a list of recommendations for creating and using custom voice messages.

  • The current supported file formats are .wav and .mp3.

  • The file size limit is 5MB.

  • It is recommended that for Authentication messages that it be no longer than 20 seconds. Anything greater than this could cause the verification to fail because the user may not respond before the message finishes and the verification times out.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft