For most authentication or login attempts, users provide some form of credential (usually a username and a password). The methods of authenticating a user's identity typically fall into one of the following three categories:

• Something the user knows: A password is the most common example of this method.
• Something the user has: This can some sort of login device, such as a smart card, or it can be a text or phone call to a phone number previously registered with the system that the user is attempting to access.
• Something the user is: With this method, the user must supply some sort of biometric input, such as a fingerprint, iris scan, or voice passcode.

There are a lot of scenarios, however, where a simple username and password or even a single method may not be enough to secure valuable resources. In such cases, organizations may wish to further challenge a user during the login process to verify their identity. Multi-factor authentication provides this ability by adding a second method of authentication.

Azure Active Directory has a native multi-factor authentication service that can be used to further protect users and administrators and only needs to be enabled. Today, the following options can be used to further authenticate users with Azure multi-factor authentication:

• SMS or text message
• Phone call
• One-time passcode on a hardware or software token
• Confirmation prompt on registered authentication app

Azure multi-factor authentication has several features, such as self-service secure registration or the ability for users to bypass multi-factor authentication if they are connecting from secure, known networks. More in-depth information about the configuration capabilities of Azure multi-factor authentication, including steps to configure third-party tokens for verification, can be found at https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-mfa-howitworks.

Microsoft Azure Active Directory provides several different identity and authentication models, as well as security controls to provide a strong level of protection for your organization. Implementing conditional access and Azure multi-factor authentication can help organizations verify that users who are presenting credentials and attempting to obtain access to resources are authorized to do so and are using compliant devices.