You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To enable the certificate-based authentication and configure user bindings in the Azure portal, complete the following steps:
62
+
To enable the certificate-based authentication and configure user bindings in the Microsoft Entra admin center, complete the following steps:
63
63
64
-
1. Sign in to the [Azure portal](https://portal.azure.com) as a Global Administrator.
65
-
1.Click **Azure Active Directory**> **Security**.
64
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as a [Global Administrator](../roles/permissions-reference.md#global-administrator).
65
+
1.Browse to **Protection** > **Authentication methods**> **Certifacte-based authentication**.
66
66
67
67
:::image type="content" border="true" source="./media/how-to-certificate-based-authentication/certificate-authorities.png" alt-text="Screenshot of certification authorities.":::
68
68
@@ -144,11 +144,10 @@ For more information, see [Understanding the certificate revocation process](./c
144
144
>[!IMPORTANT]
145
145
>A user is considered capable for **MFA** when the user is in scope for **Certificate-based authentication** in the Authentication methods policy. This policy requirement means a user can't use proof up as part of their authentication to register other available methods. If the users do not have access to certificates they will be locked out and not be able to register other methods for MFA. So the admin needs to enable users who have a valid certificate into the CBA scope. Do not use all users for CBA target and use groups of users who have valid certificates available. For more information, see [Azure AD MFA](concept-mfa-howitworks.md).
146
146
147
-
To enable the certificate-based authentication in the Azure portal, complete the following steps:
147
+
To enable the certificate-based authentication in the Microsoft Entra admin center, complete the following steps:
148
148
149
-
1. Sign in to the [Azure portal](https://portal.azure.com) as an Authentication Policy Administrator.
150
-
1. Select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
151
-
1. Under **Manage**, select **Authentication methods** > **Certificate-based Authentication**.
149
+
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
150
+
1. Browse to **Protection** > **Authentication methods** > **Certificate-based Authentication**.
152
151
1. Under **Enable and Target**, click **Enable**.
153
152
1. Click **All users**, or click **Add groups** to select specific groups.
154
153
@@ -164,11 +163,10 @@ Once certificate-based authentication is enabled on the tenant, all users in the
164
163
165
164
The authentication binding policy helps determine the strength of authentication to either a single factor or multi factor. An admin can change the default value from single-factor to multifactor and configure custom policy rules by mapping to issuer Subject or policy OID fields in the certificate.
166
165
167
-
To enable Azure AD CBA and configure user bindings in the Azure portal, complete the following steps:
166
+
To enable Azure AD CBA and configure user bindings in the Microsoft Entra admin center, complete the following steps:
168
167
169
-
1. Sign in to the [Azure portal](https://portal.azure.com) as an Authentication Policy Administrator.
170
-
1. Select **Azure Active Directory**, then choose **Security** from the menu on the left-hand side.
1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least an [Authentication Policy Administrator](../roles/permissions-reference.md#authentication-policy-administrator).
169
+
1. Browse to **Protection** > **Authentication methods** > **Policies**.
172
170
1. Under **Manage**, select **Authentication methods** > **Certificate-based Authentication**.
173
171
174
172
:::image type="content" border="true" source="./media/how-to-certificate-based-authentication/policy.png" alt-text="Screenshot of Authentication policy.":::
Copy file name to clipboardExpand all lines: articles/active-directory/authentication/howto-mfa-getstarted.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -5,11 +5,11 @@ ms.service: active-directory
5
5
ms.subservice: authentication
6
6
ms.custom: has-azure-ad-ps-ref
7
7
ms.topic: how-to
8
-
ms.date: 03/06/2023
8
+
ms.date: 09/13/2023
9
9
ms.author: justinha
10
10
author: justinha
11
11
manager: amycolannino
12
-
ms.reviewer: michmcla
12
+
ms.reviewer: jpettere
13
13
ms.collection: M365-identity-device-management
14
14
---
15
15
# Plan an Azure Active Directory Multi-Factor Authentication deployment
@@ -243,7 +243,7 @@ You can monitor authentication method registration and usage across your organiz
243
243
244
244
The Azure AD sign-in reports include authentication details for events when a user is prompted for MFA, and if any Conditional Access policies were in use. You can also use PowerShell for reporting on users registered for Azure AD Multi-Factor Authentication.
245
245
246
-
NPS extension and AD FS logs for cloud MFA activity are now included in the [Sign-in logs](../reports-monitoring/concept-sign-ins.md), and no longer published to **Security** > **MFA** >**Activity report**.
246
+
NPS extension and AD FS logs for cloud MFA activity are now included in the [Sign-in logs](../reports-monitoring/concept-sign-ins.md), and no longer published to the**Activity report**.
247
247
248
248
For more information, and additional Azure AD Multi-Factor Authentication reports, see [Review Azure AD Multi-Factor Authentication events](howto-mfa-reporting.md#view-the-azure-ad-sign-ins-report).
0 commit comments