Using multi-factor authentication with Windows Azure AD
Published: October 11, 2012
Updated: September 8, 2013
Applies To: Windows Azure
This topic provides a general overview of multi-factor authentication concepts and describes how a global administrator can use multi-factor authentication in Windows Azure Active Directory to further protect their organization’s identity data in the cloud.
Multi-factor authentication adds a critical second layer of security to user sign-ins and transactions. It works by requiring any two or more of the following verification methods:
Something you know (typically a password)
Something you have (a trusted device that is not easily duplicated, like a phone)
Something you are (biometrics)
The security of multi-factor authentication lies in its layered approach. Compromising multiple authentication factors presents a significant challenge for attackers. Even if an attacker manages to learn the user’s password, it is useless without also having possession of the trusted device. Conversely, if the user happens to lose the device, the finder of that device won’t be able to use it unless he or she also knows the user’s password.
By default, Windows Azure AD supports the use of passwords as its only authentication method for user sign-ins.
For more information on Multi-Factor Authentication see Windows Azure Multi-Factor Authentication.
ConceptsAdd or change your security verification settings
Other ResourcesWindows Azure Active Authentication for Administrators