Authentication steps

%3CLINGO-SUB%20id%3D%22lingo-sub-990059%22%20slang%3D%22en-US%22%3EAuthentication%20steps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-990059%22%20slang%3D%22en-US%22%3E%3CP%3ECan%20anyone%20point%20me%20to%20some%20info%20on%20the%20authentication%20steps%20for%20Azure%20AD%20and%20MFA.%26nbsp%3B%20Basically%20trying%20to%20determine%20during%20the%20login%20process%20the%20person%20first%20enters%20their%20username%20and%20password%20and%20submits.%26nbsp%3B%20They%20are%20then%20prompted%20through%20the%20chosen%20method%20to%20accept%20a%20MFA%20prompt.%26nbsp%3B%20My%20question%20is%20does%20the%20MFA%20prompt%20sent%20before%20or%20after%20the%20username%20and%20password%20is%20validated%20as%20correct.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EFor%20example%20if%20I%20see%20in%20the%20Azure%20AD%20sign%20ins%20a%20login%20that%20failed%20due%20to%20MFA%20not%20being%20accepted.%26nbsp%3B%20Can%20I%20assume%20that%20the%20username%20and%20password%20was%20already%20validated%20as%20being%20correct%20and%20it%20moved%20onto%20MFA%20which%20failed%20or%20are%20they%20all%20validated%20at%20the%20same%20time%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-990059%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-990095%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20steps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-990095%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F393307%22%20target%3D%22_blank%22%3E%40lfkentwell%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIf%20someone%20doesn't%20enter%20in%20their%20password%20correctly%20then%20they%20won't%20be%20prompted%20for%20MFA.%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-990112%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20steps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-990112%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F2707%22%20target%3D%22_blank%22%3E%40Cary%20Siemers%3C%2FA%3E%26nbsp%3Bthanks%20that's%20my%20observation.%26nbsp%3B%20I%20suppose%20I%20was%20hoping%20this%20might%20be%20documented%20somewhere%20so%20I%20can%20show%20managers%20this%20is%20the%20case%20as%20I%20am%20being%20challenged%20if%20a%20users%20credentials%20have%20been%20compromised%20or%20not.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20idea%20if%20there%20is%20a%20article%20from%20MC%20confirming%20this%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-990176%22%20slang%3D%22en-US%22%3ERe%3A%20Authentication%20steps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-990176%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F393307%22%20target%3D%22_blank%22%3E%40lfkentwell%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EHere's%20a%20whole%20bunch%20of%202FA%20documentation%20(%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fuser-help%2Fuser-help-two-step-verification-overview%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fuser-help%2Fuser-help-two-step-verification-overview%3C%2FA%3E).%20I%20can't%20say%20it'll%20spell%20out%20your%20scenario%20for%20your%20managers.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
lfkentwell
Occasional Contributor

Can anyone point me to some info on the authentication steps for Azure AD and MFA.  Basically trying to determine during the login process the person first enters their username and password and submits.  They are then prompted through the chosen method to accept a MFA prompt.  My question is does the MFA prompt sent before or after the username and password is validated as correct.

 

For example if I see in the Azure AD sign ins a login that failed due to MFA not being accepted.  Can I assume that the username and password was already validated as being correct and it moved onto MFA which failed or are they all validated at the same time?

3 Replies

@lfkentwell 

If someone doesn't enter in their password correctly then they won't be prompted for MFA. 

@Cary Siemers thanks that's my observation.  I suppose I was hoping this might be documented somewhere so I can show managers this is the case as I am being challenged if a users credentials have been compromised or not.

 

Any idea if there is a article from MC confirming this?

@lfkentwell 

Here's a whole bunch of 2FA documentation (https://docs.microsoft.com/en-us/azure/active-directory/user-help/user-help-two-step-verification-ov...). I can't say it'll spell out your scenario for your managers.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
46 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Stable version of Edge insider browser
HotCakeX in Discussions on
35 Replies
flashing a white screen while open new tab
Deleted in Discussions on
14 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
13 Replies