Multi-factor Authentication Flashcards
What are the two fraud alert options when the ‘Allow users to submit fraud alerts’ setting is turned on?
- Automatically block users who report fraud
- Code to report fraud during initial greeting
(this code is what the user will need to enter before pressing # when reporting a fraudulent attempt)
Explain the “Trusted IPs” feature.
Trusted IPs is a feature of Azure AD Multi-Factor Authentication that allows a user to bypass multi-factor authentication prompts when signing in from a defined IP address range.
True or False:
Trusted IPs can include private IP ranges when using cloud-based Azure AD Multi-Factor Authentication.
False
Trusted IPs can include private IP ranges only when you use MFA
Server. When using cloud-based Azure AD Multi-Factor Authentication, you can only use public IP
address ranges.
Explain the “Call to phone” verification method.
Places an automated voice call. The user answers the call and presses # in the
phone keypad to authenticate. The phone number is not synchronized to on-premises Active
Directory
Explain the “Text message to phone” verification method.
Sends a text message that contains a verification code. The user is
prompted to enter the verification code into the sign-in interface. This process is called one-way
SMS. Two-way SMS means that the user must text back a particular code. Two-way SMS is
deprecated and not supported after November 14, 2018. Administrators should enable another
method for users who previously used two-way SMS
Explain the “notification through mobile app” verification method.
Sends a push notification to your phone or registered device.
The user views the notification and selects Verify to complete verification. The Microsoft
Authenticator app is available for Windows Phone, Android, and iOS.
Explain the “Verification code from mobile app or hardware token” verification method.
The Microsoft Authenticator app
generates a new OAUTH verification code every 30 seconds. The user enters the verification code
into the sign-in interface. The Microsoft Authenticator app is available for Windows Phone,
Android, and iOS
What does Microsoft’s manual say about manually enforcing MFA through the multi-factor authentication admin page?
Do not select ‘enforce’. The user will automatically be switched to enforce when they set up their MFA.
What is Fraud Alert used for?
Allows users to report fraud if they receive a two-step verification request that they didn’t initiate.
What is One-Time Bypass?
A feature that allows a user to authenticate one time without performing a 2-step verification for a limited time. This only works for MFA server (On-prem).
True or False:
A user can choose when they want to use One-Time Bypass without administrator intervention.
False
An administrator must navigate to Multi-factor Authentication > Manage MFA Server > One-time bypass > + Add, then select the user that this setting will apply to.
