![]() You'll need to provide this information to Azure to complete Duo authentication setup. Note the Custom control JSON text in the "Details" section of the page. Once you've signed in to Azure, you must check the box next to Consent on behalf of your organization and then click Accept to grant Duo the read rights needed to access and read from your Azure Active Directory tenant.Īccepting the Duo Azure Authentication application's permissions request redirects you back to the Microsoft Azure Active Directory application page in the Duo Admin Panel. If required, complete Azure MFA for that service account admin user.ĭuo does not see or store your Azure Active Directory administrator credentials. Sign in with the designated Azure service administrator account that has the global administrator role for this Azure Active Directory. Click the Authorize button, which takes you to the Azure portal. See Protecting Applications for more information about protecting applications in Duo and additional application options.īefore you can proceed, Duo needs read access to your Azure Active Directory tenant. Log in to the Duo Admin Panel and navigate to Applications.Ĭlick Protect an Application and locate Microsoft Azure Active Directory in the applications list. This service account may or may not require Azure MFA for admins at login ( learn more about the baseline MFA policy for Azure admins).īefore starting these steps, you should either not be logged in to the Microsoft Azure administration portal at all, or be logged in as the designated service account for Duo you created as a prerequisite. This account needs the Azure Global Administrator role during Duo setup, but you can reduce the service account's role privileges later. Microsoft 365 E3, E5, and F3 plans, Enterprise Mobility + Security E3 and E5 plans, and Microsoft Business Premium include Azure AD Premium.Ī designated Azure admin service account to use for authorizing the Duo application access. Video OverviewĪn active Azure AD Premium P1 or P2 subscription including Conditional Access, with the P1/P2 licenses assigned to each user that will log in using Duo MFA. Please refer to How to: Block legacy authentication to Azure AD with Conditional Access to learn how to control access from these client applications. You can use Conditional Access to block authentication from legacy Office clients that cannot support modern authentication. Microsoft relies upon modern authentication workflows to invoke Conditional Access policies, which in turn apply Duo's MFA custom control.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |