Azure b2c mfa
10/14/2023

Microsoft has released a much-asked-for setting, which also aligns with the White House memorandum M-22-09 calling for federal agencies to require phishing-resistant MFA by 2024; you can read the full memorandum here: M-22-09 Federal Zero Trust Strategy. The Require authentication strength Conditional Access grant control is currently in Public Preview.

With this, we now have granularity in Conditional Access to specify not just whether MFA is required, but also how strong the collective authentication is.

Within the Grant Control section of a Conditional Access policy, we've always had the Require multifactor authentication control, which enforced MFA. But up until now, we never had the ability to specify what that level could be: if a user in a tenant has a FIDO2 security key but is also registered for SMS text, they could use either that security key or their password plus SMS text to satisfy MFA. In many tenants it's always practical to try to restrict users from using weaker forms of MFA, especially at times when they may need to use that to bootstrap themselves into stronger authentication methods such as passwordless. And since this is a tenant-wide setting, we have had the historical issue where we couldn't, say, enforce stronger forms of authentication for privileged accounts such as Global Admins.

Within Grant Controls, we now have a new option, Require authentication strength. When we select this dropdown, we see that we have the following options available:

- Multifactor authentication – Combinations of methods that satisfy strong authentication, such as Password + SMS.
- Passwordless multifactor authentication – Passwordless methods that satisfy strong authentication, such as Microsoft Authenticator.
- Phishing-resistant multifactor authentication – Phishing-resistant passwordless methods for the strongest authentication, such as FIDO2 Security Key.

First, let us examine the out-of-the-box options. And if we look at the details, this opens up a whole world of options for us.

We also have the ability to define custom authentication strengths in Azure AD, which we can find under Security -> Authentication Methods -> Authentication Strengths (Preview).
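The same configuration can be driven through Microsoft Graph rather than the portal. The script below is an added example and is not code from the original post or from Microsoft: it lists the authentication strength policies (the three built-in ones carry policyType builtIn), defines a custom strength limited to phishing-resistant combinations, and creates a report-only Conditional Access policy that applies that strength to Global Administrators. It assumes the Microsoft Graph PowerShell SDK is installed and the signed-in account can write Conditional Access policy; the display names are constructed, the Global Administrator role template ID is the well-known fixed value, and the break-glass account ID is a placeholder you must replace. At the time of the post the feature was in preview under the /beta endpoint; the example uses /v1.0.

```powershell
# Added example (not from the original post): enumerate authentication strengths,
# create a custom phishing-resistant strength, and bind it to a report-only
# Conditional Access policy scoped to Global Administrators.
# Assumes: Microsoft Graph PowerShell SDK installed; signed-in account may write CA policy.

Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$graph = 'https://graph.microsoft.com/v1.0'

# 1. List existing authentication strength policies. The out-of-the-box entries
#    (MFA, Passwordless MFA, Phishing-resistant MFA) report policyType 'builtIn';
#    anything created in the portal or via Graph reports 'custom'.
$strengths = (Invoke-MgGraphRequest -Method GET `
    -Uri "$graph/identity/conditionalAccess/authenticationStrength/policies").value
$strengths | ForEach-Object {
    '{0,-45} {1,-8} {2}' -f $_.displayName, $_.policyType, ($_.allowedCombinations -join ', ')
}

# 2. Define a custom strength that admits only phishing-resistant combinations.
#    allowedCombinations values are authenticationMethodModes from the Graph schema;
#    SMS, voice and push-based Authenticator are deliberately absent.
$customStrength = Invoke-MgGraphRequest -Method POST `
    -Uri "$graph/identity/conditionalAccess/authenticationStrength/policies" `
    -Body @{
        displayName         = 'Admin phishing-resistant (example)'   # constructed name
        description         = 'FIDO2, certificate-based MFA or Windows Hello for Business only'
        allowedCombinations = @('fido2', 'x509CertificateMultiFactor', 'windowsHelloForBusiness')
    }

# 3. Reference the strength from a Conditional Access policy. The policy starts in
#    report-only mode so the sign-in logs show which admins would fail the strength
#    before enforcement is switched on. A break-glass account is excluded so that a
#    misconfigured strength cannot lock every administrator out.
$globalAdminRoleTemplateId = '62e90394-69f5-4237-9190-012177145e10'   # well-known Global Administrator template
$breakGlassUserId          = '<break-glass-account-object-id>'        # placeholder: replace before running

$policy = Invoke-MgGraphRequest -Method POST `
    -Uri "$graph/identity/conditionalAccess/policies" `
    -Body @{
        displayName = 'Require phishing-resistant MFA for Global Admins (example)'  # constructed name
        state       = 'enabledForReportingButNotEnforced'
        conditions  = @{
            users        = @{
                includeRoles = @($globalAdminRoleTemplateId)
                excludeUsers = @($breakGlassUserId)
            }
            applications = @{ includeApplications = @('All') }
        }
        grantControls = @{
            operator               = 'OR'
            authenticationStrength = @{ id = $customStrength.id }
        }
    }

"Created policy $($policy.id) in state $($policy.state) using strength $($customStrength.id)"
```

Leave the policy in report-only mode until the sign-in logs show no unexpected failures for the targeted role, then switch state to enabled. To use one of the built-in strengths instead of the custom one, pick its id from the list printed in step 1 and pass that in the authenticationStrength block.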