Azure AD - Skipping Multi-Factor Authentication on Trusted Devices

A new feature on Azure Active Directory allows your users to validate their identify credentials against a trusted device used as a MFA element. This eliminates the need to use MFA on that trusted device against those credentials.

Richard Hay, Senior Content Producer

April 16, 2016

2 Min Read
Azure AD - Skipping Multi-Factor Authentication on Trusted Devices

We have all likely experienced the use of multi-factor authentication (MFA) at some point these days.

The concept behind MFA is that you already have a set of credentials that grant you access to websites and services.  By adding the use of an authenticated device such as your phone or a computer you introduce another layer of security that is needed beyond your username and password to gain access to that website or service.

The most common methods of MFA we use these days is a PIN code sent over SMS to trusted smartphone device or the generation of a code using an authentication app that is provided following a username and password to authenticate our identify.

One other way is by accessing that website or service from a trusted device itself. By creating a unique string that is generated from the device you are logging in from, that website or service can now trust the username and password without needing the next level of MFA to be authenticated. This all happens because the combination of browser and hardware matches from a previously authenticated MFA session.

Of course, if you change hardware or devices then you will be prompted to use MFA to then add that additional device to the trusted list. The period of time that a trusted device is trusted can also be established so that a new prompt for MFA is generated to re-validate the user and their trusted device.

Although this feature has been implemented on consumer facing services for sometime, it has never been an option when it comes to Azure Active Directory until now.

According to Alex Simons, Director of Program Management for the companies Identity Products and Services, this feature has just reached General Availability for Azure Active Directory customers.

A step by step of how to implement this trusted device feature on your Azure AD setup is available at the Active Directory Team Blog.

But, wait...there's probably more so be sure to follow me on Twitter and Google+.

----------

Looking for an awesome, no-nonsense technical conference for IT Pros, Devs, and Devops? Check out IT/Dev Connections!

IT/Dev Connections

About the Author

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like