More #AzureAD MFA Coolness – selectable verification methods and more OATH!

First published on CloudBlogs on Apr, 20 2016
Howdy folks, As most of you know, we take a lot of pride in delivering new capabilities at a super rapid pace. It's one of the coolest aspects of working on Azure AD. And our MFA service is no exception! Today I want to let you know about TWO MORE cool features that are in GA now – selectable MFA methods and enhanced support for OATH authenticators! These features are available in all versions of Azure MFA, including MFA for Office 365 and MFA for Azure Admins. Azure Active Directory Multi-Factor Authentication offers a bunch of ways to authenticate users – phone calls, SMS, push notifications – with or without a PIN code. And we're working on more! However, we've heard from customers that they may want to guide users towards some of these options, and steer them away from others. So we've introduced a super simple way for you to do just that! You can decide exactly what mechanisms your directory supports with just a few clicks – I've asked Shawn Bishop, our GTP team's MFA expert, to show you how, and show you the new OATH support as well. As always, we'd love to receive any feedback of suggestions you have! Best Regards, Alex Simons (Twitter: @Alex_A_Simons ) Director of Program Management Microsoft Identity Division Hey everyone! Shawn again, with more MFA goodness! Ok, we're heading back to the multi-factor authentication server settings page!

First, select your directory

Now choose "configure" from the tabs:

Scroll about half way down the page and select Manage service settings under "multi-factor authentication":

And you're there! On the multi-factor authentication settings page, you'll find "verification options" about mid-page – just check and uncheck to set up what you want for your users (We think they are all good options, so everything is checked by default).

Hope you enjoyed learning about this new feature – more info is available here . Next up is some enhanced OATH support – we've made it possible to register any OATH token generator with Azure MFA, allowing your users to authenticate without use of push notifications and with any OATH compliant token generator. By default, they will be offered the standard push notifications mechanism through the Azure Authenticator app, but if their device doesn't support push or they need to be able to work completely offline (e.g. on an airplane's wifi) then there's a great alternative. During MFA enrollment, the user who has selected "verification codes" can just select "Configure app without notifications" when they are on the "Configure mobile app" screen.

Now the QR code displayed will support any OATH compliant app (including Azure Authenticator!) – they can just scan it, and voila, push-notification free verification!

Thanks, Shawn