Professional Documents
Culture Documents
1. Login to Azure
For this challenge, you have either elected to use your own subscription or have created a new Azure
subscription using the provided Azure Pass (or Free Trial). If you want to switch to use the provided
Azure Pass the promotion code is displayed on the My Account page on the
http://challenge.azurecon.com web site. If there is no promo code displayed, you will need to use the
free trial - http://azure.microsoft.com/pricing/free-trial.
Azure has TWO management portals - the classic portal (http://manage.windowsazure.com) and a new
portal that is in Preview at http://portal.azure.com. You will use the classic portal in this challenge.
1.
2.
Enter your Microsoft Account email address and password for the Microsoft Account
you associated with your Azure Pass or your own subscription.
3.
You will now be in your Azure subscription (see opposite) and from here you can create and
manage Azure services.
1.
2.
3.
4.
5.
Leave first name and last name blank and enter CoAdmin MFA as the Display Name.
6.
For ROLE, select Global Administrator. Enter foo@bar.com in the alternate email address (it is not validated).
7.
8.
Click NEXT and then click the CREATE button to generate the temporary password.
9.
Dont close this dialog..! Copy the user name value which will be something coadminMFA@<your email address>.onmicrosoft.com.
10.
You have to reset the password for this account. To do that OPEN a new In-Private Browser session. Then go to this url:
https://login.microsoftonline.com
11.
12.
Switch back to the Azure portal and copy the temporary password. Switch back to the login and paste the password in there and click sign-in.
13.
Paste the current temporary password in again and enter your NEW password remember this! Click Update Password and Sign In.
Page | 1
14.
Close the in-private browser you now have a new user with a new password..!
15.
16.
Copy the username again to the clipboard and click OK (the tick) on the dialog.
17.
Hover over the left navigation bar and scroll all the way to the bottom and click the settings icon (opposite).
18.
Click the Administrators tab and click the ADD button at the bottom. Paste in your coadminMFA username from
above, check the Azure Pass subscription (or your own subscription name). It should look like this below (after Azure
successfully validates your account in Azure AD).
19.
Click OK.
Go to the ACTIVE DIRECTORY category in the portal and click on your Default Directory.
2.
3.
Click the Try Azure Active Directory Premium now link and click OK to the message.
4.
After 10-20 seconds, click the refresh link and you should see your trial activated. You will see something like this:
5.
At the bottom of the portal, click the ASSIGN button (you may have to refresh the portal). You will see a dialog with your coadminMFA account
listed. Click that account and this will add a value to the assign column on the dialog. Click OK. You will see 1 assigned user on the AD Premium
Licences screen.
6.
Click on the CONFIGURE tab. You should see a Customize Branding button (only
assigned users will see this). Click the button.
7.
You need some images and content to customize your login page. Download the .zip
file from this url:
http://az809253.vo.msecnd.net/docs/assets/AzureActiveDirectoryFiles.zip
8.
9.
10.
11.
12.
13.
14.
15.
Leave the background color blank and the rest of the default values. Click OK.
Page | 2
16. Now you are going to see this change on login. Just so you remember your login, click the Users tab
17.
Copy the User Name from the username column for your CoAdminMFA account
18.
To CHECK that this is working, open a new in-private browser session. You are going to sign in to the new Preview Portal, so go to
http://portal.azure.com
19.
Paste in your username (Ctrl-V) in the Email or Phone field. When you tab to the password field, that is the time that Azure will recognize what
directory you want to login to and if that directory has any custom branding to apply. If you dont see your custom branding, it just has not been
propagated yet it can take up to an hour to do this.
20. You are now in the NEW Azure Preview Portal. This new experience will be the new way you create and manage your Azure resources. Not all
services (including Active Directory) have been moved over to the preview portal yet this will happen over the next several months. In the mean
time you will likely have to switch between the current and preview portals during the transition.
21.
Back in the Azure Classic Portal, on your Default Directory, click on the Configure tab.
2.
Scroll down and you will see a MULTI-FACTOR AUTHENTICATION section, click the Manage Service Settings link.
3.
You might have to sign-in again use your normal Azure subscription login.
4.
5.
Click the check box next to the coadminMFA account and in the Quick Steps box on the right, click Enable.
6.
Click the Enable Multi-Factor Auth button in the warning dialog and then click CLOSE after completion.
The user now has to configure HOW they want to participate with muti-factor auth
you will do that next.
7.
In the Portal, click on your username (top right) and click Sign-Out and then on the
next screen, click Sign-In
8.
Sign-In with your coadmin account (it should still be on the clipboard if you need it).
9.
If you setup MFA correctly, you will get this message on the login screen.
10.
Click Set it up now. You might also get the customized branding at this point as
well.
11.
The BEST method to use, is the Authentication Phone (you have Office Phone or
Mobile App choices as well.
12.
Enter your own CELL PHONE number and select the Send Me a Code by Text
Message option. Click CONTACT ME.
13.
When you receive the SMS code, enter it and click VERIFY and then click DONE.
You will be logged into Azure now.
14.
Lets finish by going through the actual login workflow. Click on your login name and click Sign-Out and
then click Sign-In
15.
16.
Now you will get a box to enter an SMS code, and a code will be sent to your phone. Enter that code and you
will be logged in.
--- END OF LAB --Go back to the AzureCon Challenge web site (http://challenge.azurecon.com) and complete the challenge question to get your points.
REMEMBER: You only have one chance at the question, make sure you really know the answer!
Page | 3