
Microsoft Entra Blog

One Time Password over SMS Added to Azure MFA Server

Alex Simons (AZURE)
Sep 07, 2018
First published on CloudBlogs on Mar 02, 2015

Howdy folks,

As many of you know, Azure MFA can be deployed in two modes: either directly inside of Azure AD in the cloud, or using our Azure MFA server, connected to on-premises ADFS and/or RADIUS servers. This second deployment option is VERY popular and over 80% of our customers deploy this way. Customers using the on-premises mode have been asking us to add support for a few key features that, up until now, only worked in the Azure AD cloud-connected model.

So today I'm happy to let you know that we've turned on support in our Azure MFA server for One Time Passwords over SMS, the #1 feature customers have asked us to add.

To tell you more about this new capability, I've asked David Howell, our Partner Group Program Manager for Identity Security and Protection, to write up a guest post about this feature. David is a long-time Microsoftee who previously led our cloud authentication PM team. David recently took on his new role in my team driving our identity security and services PM team, an area which includes MFA and all of our cloud-based security monitoring and machine learning systems. David is going to be a frequent contributor to the AD Team blog going forward as his team has a LOT of exciting capabilities currently in development.

So with that, I'll turn it over to David.

Best Regards,
Alex Simons (Twitter: @Alex_A_Simons)
Director of Program Management
Microsoft Identity and Security Services Division

--------------------

Greetings everyone!

My name is David Howell. I've worked at Microsoft for many years in Online Services and in Identity, and now I am heading up an effort in our Identity Division to focus on security and protection features for Active Directory, Azure Active Directory and our Microsoft Account service. In my new role, I'm going to be blogging a lot about our security improvements in MFA, Active Directory and Azure Active Directory.

I hope you find our work here and these posts valuable!

Today I'm happy to announce the support of one-way text messaging with One Time Passwords (OTPs) in Azure Multi-Factor Authentication (MFA) server. This has been a feature ask from a lot of our customers.

Azure MFA Server already had support for a variety of options like phone call, two-way text message, mobile app and third-party OATH token. The addition of one-way text messaging and OTPs bolsters our MFA story, giving customers more options for ways to secure their organization.

What is one-way text message?

One-way text message is an authentication option where users receive a text message with an OTP. The users then enter the OTP in the prompt window to complete the MFA challenge.

Customers can use one-way text message to secure RADIUS authentication, the Web Service SDK and the ADFS MFA Adapter.

How do I enable one-way text message for my users?

First of all, install and configure the latest version of the MFA server. To learn more about how to get started with MFA server, check out our video here.

Once you have the MFA server configured, navigate to the Company Settings section and select the One-way option from the Text message dropdown.

I hope you'll find this functionality useful for securing your organization. And as always, we'd love to receive any feedback or suggestions you have.

Best Regards, David Howell (Twitter: @David_A_Howell)

Partner Group Program Manager

Microsoft Identity and Security Services Division

  • TimAlsop
    Copper Contributor

    This is very useful and a welcome feature, but I have customers who need offline OTP (we are a software vendor and use Azure MFA in our product to authenticate users when they log on to SAP business applications). The cloud version of Azure MFA supports offline OTP but the server version doesn't. Are there any plans to add this to a future version of the server product? We can't change our product to communicate with the cloud Azure MFA since Microsoft don't provide any suitable API (e.g. REST API) and we therefore use the server version via RADIUS.