Export (0) Print
Expand All

Azure Multi-Factor Authentication FAQ

Published: May 20, 2013

Updated: May 1, 2015

This section covers possible frequently asked questions with regard to Azure MFA.

  • If you previously configured a backup phone, try again by selecting that phone when prompted from the sign in page.

  • If you don’t have another method configured, contact your admin and ask them to update the number assigned to your primary phone – mobile or office.

  • Currently, additional security verification can only be used with applications/services that you can access through your browser. Non-browser applications (also referred to as rich client applications) which are installed on your local computer such as Outlook, Lync, and Windows Powershell will not work with accounts that are required for additional security verification. In this case, you may see the application generate error 0x800434D4L.

  • A workaround for this is to have a separate user account for admin-related operations vs. non-admin operations. You can later link mailboxes between your admin account and non-admin account so you can sign-in to outlook using your non-admin account. For more details about this, see Give an Administrator the Ability to Open and View the Contents of a User's Mailbox.

  • Go to https://account.activedirectory.windowsazure.com/profile/ and sign in with your organizational account.

  • If needed, click Other verification options and select a different option for completing the account verification.

  • Click Additional Security Verification.

  • Remove the existing account from your mobile application.

  • Click Configure and follow the instructions to re-configure the mobile application.

  • Depending on which portal you are using, in the left pane, click either Users or Users and Groups.

  • Depending on which portal you are using, select the check box next to the user that you want to edit, and then click either Edit or the Edit icon.

  • Click Settings, under Assign role, select Yes, and add the user back to the previous admin role.

  • Go to the multi-factor authentication page. The account should now be showing up in the list on the page. Follow the steps above to disable multi-factor authentication for an account. At this point, you can now remove the account from the admin role.

  • You can reset the user by forcing them to go through the registration process again. To do this see Managing User Settings

  • You can delete all of the users app passwords and have them recreate them once they get a replacement device. To do this see Managing User Settings

  • Users enabled for multi-factor authentication will require app password to sign into non-browser apps such as Outlook, Mail Clients, Lync etc. Users will need to clear the sign-in info (delete sign-in info), restart the application and sign-in with the their username and app password. Please read this artWatch a video showing these steps at How to Set Up Multi-Factor for Your Account or follow the steps documented here.

  1. The Azure Multi-Factor Authentication service sends text messages through SMS aggregators. Many factors may impact the reliability of text message delivery and receipt including the aggregator used, destination country, mobile phone carrier and signal strength. Therefore, delivery of text messages and receipt of SMS replies when performing two-way SMS is not guaranteed. Using one-way SMS is recommended over two-way SMS when possible because it is more reliable and prevents users from incurring global SMS charges caused by replying to a text message that was sent from another country. Text message verifications are also more reliable in some countries such as the United States and Canada than other countries. Users that experience difficulty receiving text messages reliably when using Azure Multi-Factor Authentication are encouraged to select the mobile app or phone call methods instead. The mobile app is great because mobile app notifications can be received over both cellular and Wi-Fi connections, and the mobile app passcode is displayed even when the device has no signal at all. The Multi-Factor Authentication app is available for Windows Phone, Android, and IOS.

  1. All costs are rolled into the per-user or per-authentication cost of the service. Organizations are not charged for individual phone calls placed or text messages sent to your end users when using Azure Multi-Factor Authentication. Phone owners may incur roaming-related or other costs from their telephone carriers to receive the phone calls or text messages.

  1. – The ‘per user’ or ‘per authentication’ billing/usage model is chosen when creating a Multi-Factor Auth Provider in the Azure Management Portal. It is a consumption-based resource that is billed against the organization’s Azure subscription, just like virtual machines, websites, etc. are billed against the subscription.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
© 2015 Microsoft