Adding MFA to Microsoft Intune (hybrid scenario) the easy and cheap way

Today I was playing with my Office 365 subscription and I noticed that there is an option to enable the free multi-factor authentication (MFA) option. Office 365 has supported MFA since February this year. TechNet states that Multi-Factor Authentication for Office 365 (powered by Azure Multi-Factor Authentication) works exclusively with Office 365 applications and that it is managed from the Office 365 portal. But after I enabled this option for one of my users, it was also enforced when logging on to the Microsoft Intune portal. Very logical if you ask me, since they share the same users.

Update: Since last week MFA is also available in Microsoft Intune. However, this option is only visible (in a different location) in Microsoft Intune standalone, not when you are using Configuration Manager 2012 R2 to manage your mobile devices. (Thanks Simon)

Let’s see how this works when using Microsoft Intune in a hybrid scenario.

To be able to add MFA to Microsoft Intune the easy way, you need to have an Office 365 and a Microsoft Intune subscription on the same tenant. After logging on to the Office 365 Admin portal (https://portal.office.com), you see the option to set up multi-factor authentication in the users section.

Set-up MFA

Next you see all the synchronized users and their multi-factor auth status; from here you can enable users for MFA.

Enable the user for MFA

After selecting the user and clicking Enable, you can enable multi-factor auth for that user.

Enable MFA

After this feature is enabled, the user can configure it and choose whether to receive a text message with a one-time password or an automated call.

Enable the user for MFA

Next you need to configure your mobile number, which is used to receive the text messages or calls. Your number needs to be verified before you are able to continue.

Verification is checked, let’s go 🙂

After this process is finished, you are able to configure a special password that can be used for, for instance, ActiveSync or Outlook Anywhere. In this case we do not need to configure it since we will only be using it for Microsoft Intune 🙂

Configure a password for other apps.

So after configuring MFA, it can be used to enroll the device into Microsoft Intune (or hybrid into Configuration Manager 2012 R2) or to access the apps via the Microsoft Intune Company Portal.

Logging on to the company portal on a Windows Phone 8.1 with MFA

So when you have Office 365 and Microsoft Intune, and you are using Microsoft Intune in a hybrid scenario, you can also use the MFA support in Office 365 for Microsoft Intune without needing to configure it in Microsoft Azure. Very nice if you ask me 🙂

As said, the MFA option in Microsoft Intune itself is only available in a Microsoft Intune standalone scenario, not in a hybrid scenario.

MFA option not visible when Configuration Manager is the Mobile Device Management Authority

MFA option visible when Microsoft Intune is the Mobile Device Management Authority

Till next time!
