Multi-Factor Authentication For Windows Azure Hosted Apps
Microsoft recently announced a preview of Multi-Factor Authentication in Windows Azure. This can be enabled for the Windows Azure Management portal, Microsoft Online Services such as Office 365, as well as custom applications.
Code-named “Active Authentication”, the service adds a second layer of security to Windows Azure Service Directory; it verifies sign-ins using a mobile app, a phone call or a text message. Using an SDK, you can build this multi-layer security into your own applications. Several options are available:
Automated phone calls – to any landline or mobile – the user simply answers the call and presses # on the keypad to complete their sign-in
Text messages – containing a one-time passcode
Active Authentication mobile apps – available for Windows Phone, Android and iOS devices. When the user signs in, a notification is pushed to the device and the user taps to approve or deny the request. The app can also be used to generate a one-time password in case of spotty coverage.
End users can choose their preferred mode of authentication. The last option is currently not available for SDK users, but is available with Microsoft services and other third-party services integrated with Windows Azure. For administrators, several useful reports are available, such as the fraud alert report.
The service is available with both per-user and per-login pricing.
Windows Azure Active Directory (Windows Azure AD) is a service that provides identity and access management capabilities in the cloud. It can integrate with on-premises Active Directory or work stand-alone. Users can continue to use Windows Azure AD without necessarily using Active Authentication.