如何设置其他安全性验证的首选方式How to set up your preferred method for additional security verification

当管理员已将你的帐户配置为要求必须同时使用密码和手机响应以验证你的身份时,将使用“其他安全性验证”设置。Additional security verification settings are used when an admin has configured your account to require that both your password and a response from your phone must be used to verify your identity. 如果管理员已将你的帐户配置为需要其他安全性验证,则你在完成自动注册过程之前将无法登录。If an administrator has configured your account to require additional security verification, you will be unable to sign in until you have completed the auto-enrollment process.

在配置帐户后首次登录时,系统将提示你开始进行自动注册过程。The first time that you sign in after your account has been configured, you will be prompted to begin the auto-enrollment process. 可以通过单击“立即设置”开始执行此过程。You can begin this process by clicking Set it up now.

提示用户为帐户注册其他安全性验证的屏幕截图

使用注册过程,你将能够指定首选的身份验证方法。Using the enrollment process, you will be able to specify your preferred method of identity verification. 此方法可以是下表所列选项中的任何一种。This can be any of the following options listed in the table below. 如需更多信息(包括演练),只要单击其中一种方法即可。For additional information, including a walk-through, simply click on one of the methods.

方法Method 说明Description
移动电话呼叫Mobile Phone Call 对身份验证电话号码进行自动语音呼叫。Places an automated voice call to the authentication phone number. 用户接听电话,并按电话拨号键盘中的 # 进行身份验证。The user answers the call and presses # in the phone keypad to authenticate. 此电话号码将不会同步到本地 Active Directory。This phone number will not be synchronized to the on-premises Active Directory.
手机短信Mobile Phone Text Message 向用户发送包含验证码的短信。Sends a text message containing a verification code to the user. 系统会提示用户使用验证码回复短信或在登录界面中输入验证码。The user is prompted to either reply to the text message with the verification code or to enter the verification code into the sign-in interface.
办公电话呼叫Office Phone Call 对用户进行自动语音呼叫。Places an automated voice call to the user. 用户接听电话,并按电话拨号键盘中的 # 进行身份验证。The user answers the call and presses # in the phone keypad to authenticate.
移动应用Mobile App 将通知推送到用户的智能手机或平板电脑上的 Azure 验证器移动应用。Pushes a notification to the Azure Authenticator mobile app on the user’s smartphone or tablet. 用户在应用中点击“验证”进行身份验证。The user taps Verify in the app to authenticate. 此外,该应用程序还可以用作进行脱机身份验证的 OTP 令牌。Alternately, the app can also be used as an OTP token for offline authentication. 用户在登录屏幕上输入令牌进行身份验证。The user enters the token into the sign-in screen to authenticate.

Azure 验证器应用可以 2 种不同模式运行,以提供多重身份验证服务能够提供的附加安全性。这两种模式是:_The Azure Authenticator app can operate in two different modes to provide the additional security that a multi-factor authentication service can provide. These are the following:

  • 通知 - 在此模式下,Azure 验证器应用可防止对帐户进行未经授权的访问并停止欺诈性交易。Notification - In this mode, the Azure Authenticator app prevents unauthorized access to accounts and stops fraudulent transactions. 此功能是使用推送到你的手机或已注册设备上的通知来完成的。This is done using a push notification to your phone or registered device. 直接查看通知,如果该通知是合法的,则选择“身份验证”。Simply view the notification and, if it is legitimate, select Authenticate. 否则,你可以选择“拒绝”或选择拒绝并报告欺诈性通知。Otherwise you may choose Deny or choose to deny and report the fraudulent notification. 有关报告欺诈性通知的信息,请参阅“如何针对多重身份验证使用‘拒绝并报告欺诈’功能”。For information on reporting fraudulent notifications see How to use the Deny and Report Fraud Feature for Multi-Factor Authentication.
  • 一次性密码 - 在此模式下,Azure 验证器应用可用作生成 OATH 验证码的软件令牌。One-Time Password - In this mode, the Azure Authenticator app can be used as a software token to generate an OATH verification code. 然后可以将此验证码与用户名和密码一起输入,进行第二种形式的身份验证。This verification code can then be entered along with the username and password to provide the second form of authentication.

Azure 验证器应用可用于 Windows PhoneAndroidIOSThe Azure Authenticator app is available for Windows Phone, Android, and IOS.

移动电话Mobile Phone

如果要使用移动电话(短信或通话)作为主要联系方式,可使用以下步骤。If you want to use your mobile phone (text or call) as your primary contact method, you can use the following steps. 这些步骤将会引导你设置多重身份验证,以使用移动电话呼叫或短信作为联系方法。They will walk you through setting up multi-factor authentication to use your mobile phone for either a call or text as your contact method.

  1. 在“步骤 1:我们应如何联系你?”中,选择“身份验证电话”。Under Step 1: How should we contact you? select Authentication phone.

    显示用户希望通过电话进行联系的屏幕截图

  2. 在“国家或地区”框中,从下拉列表中一个值。In the country or region box, select a value from the drop-down list. 可能已显示有一个默认值。A default value may already be displayed.
  3. 在“国家或地区”框旁边的框中,键入你的移动电话号码。In the box next to the country or region box, type your mobile phone number. 包括区号。Include the area code. 允许有空格,但不允许有标点符号字符。Spaces are allowed, but punctuation characters are not. 例如,允许 5554445555 和 555 444 5555,但不允许 555-444-5555 和 (555) 444 5555。For example, 5554445555 and 555 444 5555 are allowed, but 555-444-5555 and (555) 444 5555 are not allowed.
  4. 选择想要使用的移动电话通信模式:短信或呼叫。Select the mode you would prefer to use with your mobile phone: Text or Call.
  5. 单击“下一步” 。Click Next.
  6. 单击“立即验证”按钮。Click the Verify Now button. 此操作将向你的移动电话发起呼叫或发送短信。This will initiate a call or a text to your mobile phone. 请确保随身携带电话。Be sure to have your phone with you. 根据你选择的模式(短信或呼叫),响应将有所不同。Depending on the mode you selected, Text or Call, your response will be different.

    • 如果你选择了短信模式,将通过短信向你发送 6 位代码。If you selected the text mode, a 6-digit code will be texted to you. 请在浏览器的显示框中输入此代码。Enter this code in the box that is displayed in the browser.

      Screenshot asking user to enter the code that was texted to them

    • 如果你选择了呼叫模式,你将收到电话呼叫。If you selected the call mode, you will receive a phone call. 请使用电话上的 # 号响应此呼叫。Respond to the call using the # sign on your phone.

      Screenshot prompting user to answer their phone to continue enrollment process

  7. 单击“下一步” 。Click Next.
  8. 此时,你已设置好联系方法,接着可以设置非浏览器应用(例如 Outlook 2010 或更低版本)的应用密码。At this point, you have setup your contact method and now it is time to setup app passwords for non-browser apps such as Outlook 2010 or older. 如果你不使用这些应用,请单击“完成”。If you do not use these apps click Done. 否则,请继续下一步骤。Otherwise continue to the next step.
  9. 如果你正在使用这些应用,请复制提供的应用密码。If you are using these apps then copy the app password provided.

    提示用户输入应用密码的屏幕截图

  10. 将已复制到剪贴板的密码粘贴到非浏览器应用程序。Paste the password that was copied to the clipboard into your non-browser application.
  11. 单击“完成”。Click Done.

办公电话呼叫Office Phone Call

本文此部分将引导你设置 Azure 多重身份验证,以使用办公电话作为主要联系方式。This section of this document will walk you through setting up Azure Multi-Factor Authentication to use your Office Phone as your primary contact method.

  1. 从下拉列表中选择“办公电话”。Select Office Phone from the drop-down list.

    显示用户希望通过办公电话进行联系的屏幕截图

  2. 在下拉列表中指定你的国家/地区,然后输入办公电话号码。Specify your country from the drop-down list and enter your Office phone number.
  3. 单击“与我联系”。Click Contact Me. 这将向你的办公电话发起呼叫。This will initiate a call to your office phone. 请务必待在办公电话旁边。Be sure you are near your phone.
  4. 单击“下一步” 。Click Next.
  5. 此时,你已设置好联系方法,接着可以设置非浏览器应用(例如 Outlook 2010 或更低版本)的应用密码。At this point, you have setup your contact method and now it is time to setup app passwords for non-browser apps such as Outlook 2010 or older. 如果你不使用这些应用,请单击“完成”。If you do not use these apps click Done. 否则,请继续下一步骤。Otherwise continue to the next step.
  6. 如果你正在使用这些应用,请复制提供的应用密码。If you are using these apps then copy the app password provided.
  7. 将已复制到剪贴板的密码粘贴到非浏览器应用程序。Paste the password that was copied to the clipboard into your non-browser application.

    提示用户输入应用密码的屏幕截图

  8. 单击“完成”。Click Done.

移动 应用程序Mobile Application

本文此部分将引导你设置 Azure 多重身份验证,以使用移动电话作为主要联系方式。This section of this article will walk you through setting up Azure Multi-Factor Authentication to use your mobile app as your primary contact method.

Azure 验证器应用可用于 Windows Phone、Android 和 IOS。The Azure Authenticator app is available for Windows Phone, Android, and IOS.

  1. 从下拉列表中选择“移动应用”。Select Mobile App from the drop-down.

    显示用户希望通过移动应用进行联系的屏幕截图

  2. 选择“通知”或“一次性密码”,然后单击“设置”。Select either Notification or One-time password and click Set up.
  3. 在已安装 Azure 验证器应用的手机上,启动该应用并单击“扫描条形码”。On the phone that has the Azure Authenticator app installed, launch the app and click scan barcode.

    提示用户选择扫描条形码选项的屏幕截图

  4. 扫描“配置手机应用程序”屏幕显示的条形码图片。Scan the barcode picture that came up with the configure mobile app screen. 单击“完成”关闭条形码屏幕。Click Done to close the barcode screen. 如果无法扫描条形码,请手动输入信息。If you are unable to scan the barcode, you can enter the information manually.

    提示用户扫描移动应用中出现的条形码的屏幕截图

  5. 在手机上,将开始激活过程,完成此过程后,请单击“与我联系”。On the phone, it will begin to activate, once this has completed click Contact me. 随后会将通知或验证码发送到你的手机。This will send either a notification or a verification code to your phone. 单击“验证”。Click Verify.

    提示用户验证发送到其手机的代码的屏幕截图

  6. 单击“关闭”。Click Close. 此时,验证应成功。At this point, your verification should be successful.
  7. 现在建议输入你的移动电话号码,以免无法访问移动应用。Now it is recommended that you enter your mobile phone number in case you lose access to your mobile app.
  8. 在下拉列表中指定你的国家/地区,然后在国家/地区旁边的框中输入移动电话号码。Specify your country from the drop-down list and enter your mobile phone number in the box next to country. 单击“下一步” 。Click Next.
  9. 此时,你已设置好联系方法,接着可以设置非浏览器应用(例如 Outlook 2010 或更低版本)的应用密码。At this point, you have setup your contact method and now it is time to setup app passwords for non-browser apps such as Outlook 2010 or older. 如果你不使用这些应用,请单击“完成”。If you do not use these apps click Done. 否则,请继续下一步骤。Otherwise continue to the next step.
  10. 如果你正在使用这些应用,请复制提供的应用密码。If you are using these apps then copy the app password provided.
  11. 将已复制到剪贴板的密码粘贴到非浏览器应用程序。Paste the password that was copied to the clipboard into your non-browser application.

    提示用户输入应用密码的屏幕截图

  12. 单击“完成”。Click Done.

了解更多信息?Want to learn more?

请参阅 Enterprise Mobility + Security(企业移动性 + 安全性)。See Enterprise Mobility + Security.