mfa

A first look at Administrative Units and My Staff in Azure Active Directory

Recently, Microsoft introduced Administrative Units in Azure Active Directory. At the time of writing, this feature is in preview. Today we take a first look at how this is going to help organizations managing users and groups in Azure Active Directory. But to understand why this feature is such a big deal, we need to know what the difference is between the “classic” Active Directory and the “modern” Azure Active Directory structure. Active Directory To illustrate this, I created a… 

Sure, keep me signed in! And don’t prompt for MFA!

Today a short blog about MFA prompts, session lifetime, and cookies. This will give you an idea of how you can tune the end-user experience and where to configure these settings. Session lifetime in Azure AD is often mistaken. When you start working with Azure AD, Conditional Access, and Multi-factor authentication, there are a couple of things you should know. The Azure AD defaults are pretty loose. When you leave every setting to default, the user experience is pretty good.… 

SharePoint Online, Authentication Tags and Conditional Access. What’s not to like?

I should start with a warning. The feature we are going to talk about is new. Brand new. Please start by reading the limitations that come with this feature, and I strongly suggest to only apply this in test or demo environments. That being said, I want to point out how psyched I am about this new functionality. Despite the limitations, this is something you should start to look in to. In the meantime, I’ll keep updating this post with… 

What admins should know about the combined registration portal for Azure MFA and Self Service Password Reset

The (long) title pretty much reveals the purpose of this blog post. This one was on my to-do list for a while now, and now the combined registration portal is General Available, the time was there. In my previous MFA related blogs, I always encouraged my readers to turn on the combined registration portal, even when it was in public preview. But if you start using this portal, there are quite some settings that can change the user experience of… 

Use Power Automate for your custom “dynamic” groups

Azure AD Dynamic Groups Dynamic groups in Azure AD are awesome. I use them a lot. Dynamic groups can create groups based on attributes. For example, you can create a group that includes all the users from the Sales Team. The query for the group would look like this: If a new user comes along with the same attribute, the user will automatically be added to this group. This can be really helpful for onboarding. You can pick a lot… 

Microsoft Secure Score Series – 04 – Ensure all users can complete multi-factor authentication for secure access

Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised. In this blog post, we take a look at the different ways to make sure that your users can register for multi-factor authentication. Enabling Multi-Factor Authentication is a no-brainer giving the fact that your identity is your key to almost all your… 

How to publish on-premises applications and protect them with MFA

Using Azure Application Proxy you can publish your on-premises web applications in a secure way. Combining this with Conditional Access, you can configure MFA for example. Now Coronavirus is hitting us hard, you might have to take a look at this feature. Assume the following use case: you have Citrix or RDS available for 50% of your users, so they can work from home or elsewhere. Now, because of the Coronavirus (or any future disaster), all of your employees have… 

Microsoft Secure Score Series – 02 – Require MFA for administrative roles

Require MFA for administrative roles Requiring multi-factor authentication (MFA) for all administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, critical devices and data is open to attack. In this post, we take a look at enabling MFA for your administrators. As stated in the description, users with administrative roles are interesting targets for hackers. Of course, it is recommended to enable MFA for… 

Require trusted location for MFA and SSPR registration

This article shows how you can block MFA and SSPR registrations from untrusted locations using Azure AD Conditional Acces. When you want to enable MultiFactor Authentication and Self Service Password Reset for your users, they need to register their security settings first. Since the combined portal arrived, users can do this easily in just one place. Using this combined portal is also a requirement in order to make this possible. Although this portal is still in preview, it has great…