Windows Azure Multi-Factor Authentication, powered by PhoneFactor, helps reduce organizational risk and enable regulatory compliance by providing an extra layer of authentication, in addition to a user’s account credentials, to secure employee, customer, and partner access. Windows Azure Multi-Factor Authentication can be used for both on-premises and cloud applications.

Get security AND convenience
Windows Azure Multi-Factor Authentication safeguards access to your data and applications while addressing user demand for a simple sign-in process. The service offers enhanced protection from malware threats, and real-time alerts notify your IT department of compromised account credentials. Multi-Factor Authentication delivers strong security via a range of easy authentication options, including mobile apps, phone calls, and text messages, allowing users to choose the method that works best for them. Support for multiple methods ensures that users can always be reached for additional authentication.

Add it to on-premises applications
Use the Multi-Factor Authentication Server to enable additional authentication for on-premises applications such as remote access VPNs and web applications, as well as cloud applications using Active Directory Federation Services. Sync with Windows Server Active Directory or another LDAP directory to streamline user management. Run the Multi-Factor Authentication Server on your existing hardware or in a Windows Azure Virtual Machine. Multiple, redundant servers can be configured for high availability and fail-over.

Turn it on for Windows Azure Active Directory (Windows Azure AD)
Use Multi-Factor Authentication to secure access to Windows Azure, Microsoft Online Services like Office 365 and Dynamics CRM Online, as well as 3rd party cloud services that integrate Windows Azure AD. Simply enable Multi-Factor Authentication for Windows Azure AD identities, and users will be prompted to set up additional verification the next time they sign in.

Build it into your applications
A Software Development Kit (SDK) enables direct integration with your cloud services. Build Multi-Factor Authentication phone call and text message verification methods into your application’s sign-in or transaction processes and leverage your application’s existing user database.

HOW IT WORKS
Windows Azure Multi-Factor Authentication is an enterprise authentication service that leverages a user’s phone as the trusted device for the second factor. Here’s how it works:

Step 1
A user signs in with their existing username and password.

Step 2
After the user’s credentials are verified, Multi-Factor Authentication is initiated using the mobile app, phone call, or text message.

Mobile App: Pushes a notification to the Multi-Factor mobile app on the user’s smartphone or tablet. The user taps “Verify” in the app to authenticate. Alternately, the app can also be used as an OTP token for offline authentication. The user enters the token into the sign-in screen to authenticate.

Phone Call: Places an automated voice call to the user. The user answers the call and presses # in the phone keypad to authenticate.

Text Message: Sends a text message containing a passcode to the user. The user either replies to the text message with the passcode or enters the passcode into the sign-in interface.