Authentication methods
Now that organizations are moving toward Azure AD and cloud-based identity authentication, administrators can offer enhancements to their users, which both simplify the authentication process and offer increased security.
Traditional passwords can be forgotten, lost, stolen, and even compromised by hackers, malware, and social engineering. One policy that is quickly being adopted is to require that a user present a second authentication factor in addition to a password when they sign on.
Azure AD includes features, such as Azure Multifactor Authentication (Azure MFA) and Azure AD Self-Service Password Reset (SSPR), which allow administrators to protect their organizations and users with secure authentication methods.
Additional verification is needed before authentication is completed and may be obtained through the methods shown in Table 1-16.
TABLE 1-16 Authentication methods
| Authentication Method | Usage |
| Password | Azure MFA and SSPR |
| Security questions | SSPR only |
| Email address | SSPR only |
| Microsoft Authenticator app | Azure MFA and SSPR |
| Open Authentication (OATH) time-based, one-time password hardware token | Azure MFA and SSPR |
| SMS | Azure MFA and SSPR |
| Voice call | Azure MFA and SSPR |
| App passwords | Azure MFA |
Microsoft Authenticator APP
The Microsoft Authenticator app provides a quick and simple way to add additional levels of security to your Azure AD account.
Once a user has installed the Microsoft Authenticator app on their smartphone or tablet, the user can add multiple work or school Azure AD and Microsoft accounts. Each time the user accesses secured resources, they must access the Microsoft Authenticator app and perform one of the following options, depending on service configuration:
- Approve the request Users acknowledge the request by selecting Approve on their device.
- Retrieve a verification code Users enter the verification code from the app into the resource access page and then authentication is approved.
Exam Tip
To configure whether users are prompted to enter a verification code, or must approve an authentication request, the administrator must enable Mobile app code and/or Mobile app notification.
Users can download and install the Microsoft Authenticator app from the application store for their smartphone platforms.