AZ-900: Multi-Factor Authentication (MFA) and Single Sign-On (SSO)

Posted on by Datablog

Managing access securely and conveniently is a core part of working in the cloud. Microsoft Entra ID supports both Single Sign-On (SSO) and Multi-Factor Authentication (MFA) to help meet this need.

at is Single Sign-On (SSO)?

Single Sign-On (SSO) lets users sign in once and access multiple applications and services without needing to re-enter their credentials.

  • With SSO, you only need to remember one set of credentials.
  • This enhances user experience and improves productivity.
  • It also reduces the number of password reset requests.

SSO can work with a variety of authentication methods. In addition to traditional usernames and passwords, SSO can support:

  • Digital certificates
  • Windows Hello for Business (biometric and PIN-based sign-ins)
  • Hardware security keys

SSO makes it easier for users to get access, while also reducing friction for IT support teams.

What is Multi-Factor Authentication (MFA)?

Multi-Factor Authentication (MFA) adds a layer of security by requiring at least two forms of identity verification during sign-in. These forms fall into three categories:

  1. Something you know – like a username and password.
  2. Something you have – such as:
    • A mobile phone
    • A verification code
    • The Microsoft Authenticator app
    • A phone call or email confirmation
  3. Something you are – including:
    • A fingerprint
    • A facial recognition scan

For example, after entering your password, you may also be required to confirm a code sent to your phone. This makes it much harder for attackers to gain access, even if they know your password.

MFA is often required by compliance frameworks and is strongly recommended for all users, especially those with administrative rights.

When to Use Them

  • Use SSO to simplify access across systems and improve the user experience.
  • Use MFA to protect accounts from unauthorized access, especially when sensitive data or actions are involved.

Together, SSO and MFA balance convenience and security for users and organizations alike.

Want to see how these work in real scenarios? Our AZ-900 video course walks through how SSO and MFA are configured and used in Azure environments – or click here to go back to the AZ-900 list of requirements.

Please click here to find out more about Microsoft’s AZ-900 exam.

author avatar
Datablog
See Full Bio

Leave a Reply

Your email address will not be published. Required fields are marked *