Creating an MFA Provider when you have CSP or DreamSpark

Microsoft is working hard to migrate all management activities from the ‘classic’ Windows Azure Management website ( to the ‘new’ Azure Portal (

Some of Microsoft’s new subscriptions, like its DreamSpark and CSP-style subscriptions, don’t offer access to the ‘classic’ Windows Azure Management website. But alas, some of the management tasks for implementing Multi-factor Authentication (MFA) for your organization can only be performed in that portal. Setting up an Azure MFA Provider to implement MFA Server on-premises is one such scenario, and a fairly common one: You can’t download and connect your on-premises MFA Servers without an MFA Provider.

However, you might hit the No subscriptions found. screen when you follow a link from the new Azure Portal to the classic portal, or when you navigate directory to the ‘classic’ Azure Management website:

No subscriptions found.

This blogpost shows you how to overcome that hurdle, by creating an Azure Active Directory-only Azure subscription.


About Azure AD-only Azure subscriptions

Azure AD-only subscriptions are special subscription that give access to Azure Active Directory only. With a special Azure offer code, you can sign up for such a subscription. Signing up does not require a credit card.

This subscription has the following characteristics:

  • It is a regular Azure subscription
  • It has a subscription ID that can be managed and associated with EA
  • It will not expire or incur charges
  • It can only manage Azure AD services
  • You can assign licenses for Azure AD Basic or Free since these are purchased over licensing agreements as opposed to Azure consumption
  • You cannot create any other Azure resources except those related to Azure AD
  • You can add other co-admins and change the service admin from the account portal
  • The account that signed up for this subscription is also the account admin and has access to the account portal


Signing up for an Azure AD-only Subscription

Perform these steps to sign up for an Azure AD-only subscription:

  • Make sure you use a clean browser or browser tab where you are not already signed in to any Microsoft services, either Azure AD-based or Microsoft Account (MSA)-based. My recommendation is to use an InPrivate browser session.
  • Navigate to the following URL:
  • Select Sign in with your organizational account and sign in with the Global Administrator account of your Azure AD tenant.

Sign up for an Azure AD-only Subscription (click for original screenshot)

  • Complete the Azure sign up form and press the Next button to complete the first piece of the form.
  • Now, enter your phone number and press the Next button in the second piece of the form.

Sign up for an Azure AD-only Subscription, step 2 (click for original screenshot)

  • Press the Sign up button.

Welcome to Microsoft Azure (click for original screenshot)

  • You will be forwarded to the Azure Account portal while your subscription is set up. This will only take a few minutes. After this brief period of time, you will receive an e-mail message and the screen will change.
  • At this moment, go to your browser’s address bar, and change the URL to
  • You can opt to take the Windows Azure tour, or skip it by pressing the little x in the right top corner of the modal screen.
  • You can close the New pane that appeared from the bottom, and you can certainly close the blue Portal modal that lures you to the New Azure Portal.
  • In the left navigation pane, click on Active Directory.

Azure Active Directory in the Classic Portal (click for original screenshot)

  • From the menu items below active directory in the main screen, click on MULTI-FACTOR AUTH PROVIDERS.
  • In the Name field, type something useful to name your MFA Provider. If your organization has a naming convention, follow that.
  • Select the Usage Model.
  • Click Create at the bottom of the screen.



Now, you now have access to manage the full feature set of Azure AD and Azure Multi-Factor Authentication. Go ahead and enjoy all the goodness Azure MFA Server has for you!

Further reading

Multi-Factor Authentication – Access control | Microsoft Azure
Get started Azure Multi-Factor Auth Provider
Azure MFA – Auth Provider Creation
Hybrid Cloud Identity Part 3: Multi-factor Authentication
Customize Azure Multi-factor Authentication – Part 1

leave your comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.