MFA

Turn your MFA up to 11

But have you turned multifactor authentication ALL the way on?

Do you remember just a short time ago, Microsoft would claim that switching on Multi-factor Authentication (MFA) prevents 99.9% of identity-based attacks? Well, the times they are a-changin'. I do not know what they would report today for a percentage of attacks which are thwarted by MFA alone, but...

No more excuses: 5 Tips & tricks to make Office 365 MFA easier on people

As I'm sure you are aware by now, Multi-factor Authentication reduces your risk of identity compromise by 99.9%. Requiring so-called "strong passwords," by contrast, doesn't make that much difference at the end of the day....

Devices still matter, Part 1: Why you need a device management strategy

The Center for Internet Security (CIS) publishes 20 controls in their cyber-security framework. If you want to understand what good management looks like, then start here. The first six controls are considered the "basics"--the first and most important steps...

Windows Hello for Business: Azure AD Join vs. Hybrid Join

Windows Hello for Business replaces a traditional password when signing into your workstation, with a stronger two-factor authentication. One factor being some kind of local gesture such as a PIN, fingerprint or facial recognition, and the other being a key or certificate that is bound to the device itself. When you...

How to manage and secure service accounts in Microsoft Office 365 (without MFA)

Okay, so hopefully everyone knows by now that MFA is not an "optional" thing that you can decide to turn on, or not, depending on your "feelings." It isn't a choice, and your feelings about it don't matter. You need to turn it on. I would recommend requiring MFA...

How to require MFA for Azure AD Join, and enable Enterprise State Roaming

Hey folks! We have already covered a few posts on Azure AD Premium and Conditional access; and that's great--because you can do things like enforce requirements such as Multi-factor Auth, but only in situations where devices are unmanaged. This provides a way better user experience than enabling MFA across...

Coming soon to an Azure AD/Microsoft 365 subscription near you: Life without passwords?!

I previously commented when Microsoft released new password guidance, which is backed by their own research as well as that of NIST. A quick recap of that: Require that passwords have at least 8 characters. Longer isn't necessarily better, as they cause users to choose...

How to enforce the use of managed applications (e.g. the Outlook app for Exchange Online) using Conditional Access in Azure AD Premium

In a previous post I demonstrated how easy it is to create a Mobile Application Management policy in Microsoft 365. With the addition of Azure AD Premium P1, we can also leverage Conditional Access policies that will require users to interact with corporate data through the Microsoft applications such as...

How to leverage Conditional Access policies to make MFA less annoying: Require only for unmanaged devices

Multi-factor authentication is something I strongly believe in and recommend to all of my customers. But no matter how much I harp on it, most of them don't want to implement it, or they try it out, then beg me to roll back, because... well... it's annoying. Users hate being...
