Category: User documentation

Subject

Setup Molto-1-i MFA device for Microsoft Azure

Content

On a desktop browser, navigate to the MFA setup page and, from the Security info page, select "Add Method", then "Authenticator App" from the list.

Hardware MFA tokens for Office 365 / Azure cloud Multi-factor authentication

 

Click "Add" to proceed to the next step. By default, it prompts you to use Microsoft Authenticator, which uses a different OTP protocol whose secret cannot be transferred to our hardware tokens.

Please click on "I want to use a different authenticator app" to generate a TOTP QR code instead.


On the next window, click "Next" to get the QR code displayed on the screen.


Keep this window open and proceed to the next step using your mobile device.


Burn the token with Token2 Burner App

Turn off the Molto-1 device if powered on, then long-press the power button (for about 5-7 seconds). This should enable “Programming mode” on the device.

TOKEN2 NFC Burner for Molto1 - Android App

Place the device on the NFC antenna area of your phone. A sound or visual notification should indicate a successful NFC link. Please note that on some phone models it is important to place the token exactly over the NFC area. Read more about NFC connectivity here

Launch the Token2 Burner App on your device. Click on the "Scan QR" button and scan the QR code shown on the enrollment page as described in the previous step, or enter the seed manually, or copy and paste it from the screen (click on "can't scan image?").

Then, push the button on the token and hold it close to the NFC antenna of your device. Click on "connect" (optional: newer versions of the apps should connect to the token automatically), then on the "burn seed" button. The app should show a "burn seed process succeeded" message if the process completed successfully.



Verify the token and complete the enrollment

After the burn process is completed, click Next and proceed with OTP verification. To verify the OTP, click on the Next button, and on the next window, enter the OTP code displayed on your token device.


Complete the process by clicking on the "Next" button.


Frequently asked questions

  • Q. Do I need tenant admin rights in order to use hardware tokens with cloud-hosted Azure MFA?
  • A. Not for cloud Azure MFA. Token2 programmable tokens fully emulate mobile apps, so they can be enabled (and disabled) by end users themselves.
  • Q. Can the programmable token be reused for another user (i.e. if the previous owner left the company)?
  • A. Yes. The programmable tokens can be reprogrammed an unlimited number of times, so the steps described above can be repeated for any user using any Token2 programmable device (even a previously owned one).
  • Q. Why does the burner app crash when I scan the QR code? 
  • A. The QR code shown by default on this page is in Microsoft's proprietary format (phonefactor protocol) and is not compatible with the QR reader component of our app. Please make sure you switch to "Configure app without notifications" mode before scanning the QR code.
  • Q. Can I use both hardware and software token simultaneously?
  • A. Yes, as long as "Configure app without notifications" option is maintained. When you see the QR code after clicking "Configure app without notifications" you can scan it using a mobile app (such as Google Authenticator or Token2 Mobile OTP) before continuing with burning the seed on the programmable token.
  • Q. Why is a hardware token more secure than other methods such as mobile apps, texts or voice calls?
  • A. Physical hardware tokens are a much more secure form of protection than the other methods a user can currently have. A separate, isolated device generates OTP codes fully offline without any need for Internet or any other network access. There is no way for an attacker to access or infect the device or to intercept the generated one-time passwords. If a hardware token is lost or stolen, the user will notice it right away. This is not the case with a mobile app running on an infected mobile device or a text message intercepted at the GSM network level; with these methods, the victim may not even be aware of the attack at all.

 


Links

Android app

iPhone app

Windows app

Writer: Joseba Salazar
Created on 2022-06-30 22:03
Last update on 2022-07-01 11:22
This item is part of the FAQ