Re: two questions regarding two-factor authentication.

Hideo · ‎06-12-2024

Hello,

I have two questions regarding two-factor authentication.

The first question is about the application used to manage two-factor authentication codes: Microsoft’s “Authenticator” app is not supported, but the “Okta Verify” app is supported. Is there a list of applications that are compatible with Intel EMA for managing two-factor authentication codes?

The second question is whether it is possible, with administrative rights, to set up two-factor authentication for another user’s account from the beginning?

That’s all. I look forward to your reply.

Best regards,

Hideo.

vij1 · ‎06-12-2024

Hello Hideo,

Greetings!

Thank you for the clarification. To summarize your points:

Compatible Authenticator Apps with Intel EMA

Intel EMA supports any authenticator app that uses the following encryption algorithms:

- SHA1

- SHA256

- SHA512

It is necessary to configure Intel EMA according to the encryption type in the Settings tab. For more detailed instructions on setting up Two-Factor Authentication (2FA), please refer to Section 2.2 of the documentation:

[Intel EMA Documents]( https://downloadadmirror.intel.com/646990/Intel_EMA_Documents1.13.0.zip

).

Setting Up 2FA for Other Users

Yes, a tenant administrator has the capability to set up 2FA for additional users.

Best Regards,

Vijay N.

Hideo · ‎06-12-2024

Hello

Vijay N.

Thank you for your response.

Is it possible to force users to implement the 2FA authentication setting when logging in for the first time on IntelEMA?
Or is there a similar setting?

Also, I was not able to set up 2FA with the "Microsoft Authenticator" authentication application." Does "Microsoft Authenticator" support 2FA settings for IntelEMA?

■Microsoft Authenticator
https://play.google.com/store/apps/details?id=com.azure.authenticator

Best Regards,

Hideo.

Mr_vPro · ‎06-13-2024

Hi Hideo,

I can confirm MS Authenticator app for Android works with Intel EMA 1.13.
I use it for one of our demo EMA instances.

You may need to try to enroll it again ( didn't work for first time for me).
You need to see your EMA identity FQDN in Authenticator to enroll it.

Rgds
Darek

vij1 · ‎06-12-2024

Hello Hideo,

Thank you for providing the details. We are currently reviewing the information and we will reach out to you as soon as possible. We request your patience during this time.

Regards,

Vijay N.

Hideo · ‎06-13-2024

Hello

Vijay N.

Thank you for your response.

>>I can confirm MS Authenticator app for Android works with Intel EMA 1.13.

Thank you for confirming the above.

By the way, is Microsoft Authenticator for iphone supported?

Microsoft Authenticator(iphone)
https://apps.apple.com/jp/app/microsoft-authenticator/id983156458

We are waiting for your answer to the following question as well.

＞Is it possible to force users to implement the 2FA authentication setting when logging in for the first time on IntelEMA?
＞Or is there a similar setting?

Best Regards,

Hideo.

vij1 · ‎06-13-2024

Hello Hideo,

Greetings!

Please find the below link for Authenticator app not working with sha-256 and sha-512 hash algorithm:

https://answers.microsoft.com/en-us/msoffice/forum/all/authenticator-app-not-working-with-sha-256-and-sha/f0023746-2d4b-499e-aee5-2463d96a8144

Regards,

Vijay N.

vij1 · ‎06-14-2024

Hello Hideo,

Greetings!

I am providing you with an update based on our lab results.

Microsoft Authenticator worked with SHA1 encryption only. However, it remained enrolled even after changing the EMA security to SHA256 and SHA512.

Regards,

Vijay N.

Hideo · ‎06-15-2024

Hello

Vijay N.

Thank you for your response.

We look forward to your answers to the following questions. What is the current situation?

＞Is it possible to force users to implement the 2FA authentication setting when logging in for the first time on IntelEMA?
＞Or is there a similar setting?

I am waiting for your reply.

Best Regards,

Hideo.

vij1 · ‎06-17-2024

Hello Hideo,

Greetings!

I wanted to inform you that, currently, only Windows authentication is supported. Unfortunately, Azure Entra with local authentication is not possible at this time.

Best regards,

Vijay N

Hideo · ‎06-17-2024

Hello

Vijay N.

Thanks for the reply.
This is not the answer I want, so I will change the question.

Here is my question.
From the management console, when a user logs in for the first time, as shown in the attached image,
After clicking "Log In" on the login screen in ①,

Is it possible to force a transition to the "Enroll in Two-Factor Authentication" screen in ② and force the user to register Two-Factor Authentication?

The purpose of my question is "I want to force the MFA setting at the first login.

We look forward to your reply.

Best Regards,

Hideo.

vij1 · ‎06-18-2024

Hello Hideo,

To enforce 2FA from the beginning, you need to configure and enable two-factor authentication within your Windows AD or Azure AD environment. This typically involves setting up policies or configurations that mandate 2FA for user authentication.

Please note, if you are using EMA local user authentication, it is not possible to force the 2FA.

Regards,

Vijay N.

vij1 · ‎06-21-2024

Hello Hideo,

I am following up on the case and wondering if I can help you with anything else.

Regards,

Vijay N.

vij1 · ‎06-24-2024

Hi Hideo,

Greetings!

I'm reaching out to follow up on your case. Please let me know if there's anything else you need assistance with.

Regards,

Vijay N.