Business Central two-factor authentication (2FA)
Microsoft has been requesting that two-factor authentication be enabled for a few days in order to access Dynamics 365 Business Central. Obviously it is requested for security reason, if the user does not activate this mode in time, he will no longer be able to access Business Central.
There are several ways to activate it, depending on your needs, below will be illustrated. It seemed useful to me to talk about this because some have asked me what is the best solution to adopt.
#1 – Install Microsoft Authenticator APP (Windows, Android, IOS)
Now install Microsoft Authenticator, without activating it, activation will be done later.
Nice link here: “How to setup and use the Microsoft Authenticator app”
Android install Link https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=it
#2 – From Business Central Page – Admin button
Click on APPS Button, after Admin button
#3 – Open User Section – Click on “multi-factor” authentication
(configuration for Office 365 Users)
..or from this page (it’s the same), by clicking on request “multi-factor authentication”
Through the Active Directory management console, it is possible to set the thing for a single user, all users, the whole organization.
Active Directory: ALL USERS
For ALL USERS > Check “Multi-factor”
Multi-factor activation Step by Step use “QUICK STEPS”
The “multi-factor” authentication activation window will appears.
Once the request is activated, when the user tries to access Business Central, he will be asked to set the required method for the double factor authentication
Multi-factor On-Demand Configuration Wizard
- By Phone (personal)
- By Office Phone
- By Mobile APP (Microsoft Authenticator) I suggest the APP
Choose APP in this scenario
Click “Configure” > Request a notification to activate or SCAN a QRCODE
You can activate the current user on Microsoft Activator APP in many ways:
- Scanning the QR-CODE
- Calling the Phone
- Opening a dedicated page link
Example: Scanning QR-CODE
Try to open Business Central again… Business Central is waiting for the authorization request from the APP to arrive … after this you can access.
The Pre-login “Approval Request page” will appears, you can use for 60 days without additional requests, this can be useful for users used as services (eg Users for Web Services) who do not login ondemand.
Second Method (backup method)
You can assign a phone number as backup (if you lost the configured APP) or for safety if the first set method is not available.
In this case: PHONE
EXAMPLE OF SCENARIO
Configuration for “Admin” User
- Main authentication > through the APP
- Backup authentication > via PHONE (if the APP does not work, if I lose the APP etc. etc.)
After these steps… you can correctly connect to your Business Central tenant with your Office 365 User!