Trying to get rid of the PhoneFactor remnants in my Azure AD tenant, I’ve already shown hot to move from per-user MFA to Conditional Access, Move from MFA Trusted IPs to Conditional Access Named Locations and to move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access. Today … Continue reading "TODO: Migrate off the ‘Skip multi-factor authentication for requests from federated users on my intranet’ settings"
Roughly 6 months ago, on February 26th, 2020, we saw the release of Microsoft Multi-factor Authentication Server (MFA Server) version 8.0.4. Now it’s time for an update to Microsoft’s product that allows organization to add multi-factor authentication to RADIUS-, AD FS-, IIS-based and other on-premises authentication scenarios. This week, Microsoft released version 18.104.22.168. What’s … Continue reading "Azure Multi-Factor Authentication Server 22.214.171.124 is here"
On this blog, and in several other places, I’ve shared my experiences with Azure Multi-Factor Authentication. In the early days of Azure MFA, a lot of organizations, a lot of client applications and a lot of 3rd party services were not able to perform multi-factor authentication. For these situations, Microsoft provided the App Passwords functionality. … Continue reading "Getting to know the devices that people in your organization use App Passwords on"
Organizations are still using settings in the old PhoneFactor Multi-factor Authentication portal. However, with the new Security Defaults functionality, they may hurt themselves by locking out users, after the 14-day grace period for registering multi-factor authentication expires. About the PhoneFactor verification options The old PhoneFactor Multi-factor Authentication portal experience is a remnant of Microsoft … Continue reading "KnowledgeBase: Users receive an error when registering MFA when Security Defaults are enabled and the mobile app verification options are disabled"
Trying to get rid of the PhoneFactor remnants in my Azure AD tenant, I’ve already shown hot to move from per-user MFA to Conditional Access and to move from the ‘Allow users to remember multi-factor authentication on devices they trust’ option to Conditional Access. Today let’s tackle a third configuration item: PhoneFactor’s Trusted IPs. The … Continue reading "TODO: Move from MFA Trusted IPs to Conditional Access Named Locations"
Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices. When you’ve got it working the way you want it to work, it’ll work flawlessly. But, there are situation where you can’t get it to work the way you want, it stops working the way you want, or … Continue reading "HOWTO: Delete your Windows Hello for Business Registrations"
This week, one of my customers is switching to Azure multi-factor authentication as their only multi-factor authentication solution for their employees. As the organization leverages VMware Horizon, this implementation needs to be switched to Azure MFA as well. Here’s how we secured their VMware Horizon implementation with Azure MFA through the Azure MFA NPS Extension: … Continue reading "HOWTO: Secure VMware Horizon with Azure MFA through its NPS Extension"
Multi-factor Authentication will be organizations’ means of authentication verification for a while. After clearing the first hurdles in your organization when implementing multi-factor authentication, consisting of communication, registration and adoption, the next hurdle is optimization. Why optimize Multi-factor Authentication? Multi-factor Authentication offers verification of people authenticating to access organizational data, applications, services and/or systems; … Continue reading "TODO: Optimize the Azure Multi-factor Authentication methods used throughout your organization"
One of the remnants of the PhoneFactor infrastructure is an old page that is linked in the Azure Portal. It allows for enforcing multi-factor authentication on a per-user basis. It should not be used for several reasons. Here’s why. Ways to require multi-factor authentication in Azure AD In Azure Active Directory, there are three … Continue reading "TODO: Move from per-user MFA to Conditional Access"
Passwordless is Microsoft’s strategy to improve enterprise security and enable end-user convenience at the same time. The era of passwords is slowly coming to an end and Microsoft offers readily-available solutions for your colleagues to sign-in to their devices and services. However, with its many passwordless methods, Microsoft isn’t making it easy for identity admins … Continue reading "Choosing the right Passwordless sign-in method for your colleagues"