Free Demo
Menu
Login
Free Demo

Enable MFA

by Allister Moore, on Jul 29, 2019 4:08:02 PM

Why do this..

Microsoft have introduced a new mandatory model to increase security for Partner Center API Integration calls. To facilitate this you are required to complete the stages documented below by 1st August 2019 to ensure that Cloudmore services can run without interruption.

If you have any queries or require assistance with the process please mail us at platformsupport@cloudmore.com 

 

  1. Enable the Required MFA for Admin Baseline Policy (Microsoft Partner Centre)

Required MFA for admins  is a baseline policy that requires MFA every time one of the following privileged administrator roles signs in:

  • Global administrator
  • SharePoint administrator
  • Exchange administrator
  • Conditional Access administrator
  • Security administrator
  • Helpdesk administrator / Password administrator
  • Billing administrator
  • User administraton

Upon enabling the Required MFA for admins policy, the nine administrator roles above will be required to register for MFA using the Authenticator App. Once MFA registration is complete, administrators will need to perform MFA every single time they sign-in

Baseline policy: Required MFA for admins comes pre-configured and will show at the top when you navigate to the Conditional Access page in the Azure Portal.

To enable this policy and protect your administrators

  1. Sign in to the  Azure Portal  as global administrator, security administrator, or conditional access administrator.
  2. Browse to Azure Active Directory > Conditional Access.
  3. In the list of policies, select Baseline policy: Require MFA for admins.
  4. Set Enable policy to use policy immediately.
  5. Click  Save.

MFA1

2. Enable the end user protection policy (Microsoft Partner Centre)

Enabling this policy requires all users to register for MFA using the Authenticator App.
Users can ignore the MFA registration prompt for 14 days, after which they will be blocked from signing in until they register for MFA. Once registered for MFA, users will be prompted for MFA only during risky sign-in attempts. Compromised user accounts are blocked until their password is reset and risk events have been dismissed.
Baseline policy: End user protection comes pre-configured and will show up at the top when you navigate to the Conditional Access blade in Azure Portal.

To enable this policy and protect your users:

  1. Sign in to the  Azure Portal as global administrator, security administrator, or Conditional Access administrator.
  2. Browse to Azure Active Directory > Conditional Access.
  3. In the list of policies, select Baseline policy: End user protection (preview).
  4. Set Enable policy to use policy immediately.
  5. Click  Save.

MFA2

3. Enable the Cloudmore Platform

  1. Login to the Cloudmore platform.
  2. Go to My services> 0365 > Microsoft CSP Authentication. 
  3. When presented with the screen shown below enter your Microsoft ID which you can find at My services> 0365 > Authentication keys and copy the partner tenant ID.
  4. Press Update, you will then be directed to the MS Partner Centre where you must sign in with a Global Admin account and you will be asked to grant consent for this process.
  5. This will apply a token for a period of 90 Days. At the end of the 90 days you will receive a notification to warn that this has expired and pressing Update will apply a new token.

MFA3

Topics:CSP Setup

Comments