In this section, we will see two advanced scenarios used to authenticate against Azure services. The first is the Multi-Factor Authentication, which is useful to secure the directory users' accounts with a two-step verification; the second are Management Certificates, used to establish a secure channel between two parties and operate as administrators against a given subscription.
Azure AD has built-in features to enable Multi-Factor Authentication for its users. As for the two-step verification of the Microsoft account (discussed earlier in the chapter) Multi-Factor Authentication involves more than just one factor, combining:
What we know: This refers to valid credentials
What we have: This refers to a device, for example