Category Archives: Multi-Factor Authentication

HOWTO: Secure VMware Horizon with Azure MFA through its NPS Extension

This week, one of my customers is switching to Azure multi-factor authentication as their only multi-factor authentication solution for their employees. As the organization leverages VMware Horizon, this implementation needs to be switched to Azure MFA as well. Here’s how we secured their VMware Horizon implementation with Azure MFA through the Azure MFA NPS Extension: […]


TODO: Optimize the Azure Multi-factor Authentication methods used throughout your organization

Multi-factor Authentication will be organizations’ means of authentication verification for a while. After clearing the first hurdles in your organization when implementing multi-factor authentication, consisting of communication, registration and adoption, the next hurdle is optimization.   Why optimize Multi-factor Authentication? Multi-factor Authentication offers verification of people authenticating to access organizational data, applications, services and/or systems; […]


TODO: Move from per-user MFA to Conditional Access

One of the remnants of the PhoneFactor infrastructure is an old page that is linked in the Azure Portal. It allows for enforcing multi-factor authentication on a per-user basis. It should not be used for several reasons. Here’s why.   Ways to require multi-factor authentication in Azure AD In Azure Active Directory, there are three […]


Choosing the right Passwordless sign-in method for your colleagues

Passwordless is Microsoft’s strategy to improve enterprise security and enable end-user convenience at the same time. The era of passwords is slowly coming to an end and Microsoft offers readily-available solutions for your colleagues to sign-in to their devices and services. However, with its many passwordless methods, Microsoft isn’t making it easy for identity admins […]


KnowledgeBase: App Passwords are only available to users with a non-Conditional Access MFA requirement

Multi-factor authentication is the current solution to the problem of inadequate information security in today’s world of user names and passwords. When you have enabled multi-factor authentication in Microsoft Azure and Office 365, you might need app passwords to allow for certain access to not disrupt the business.   The situation As an organization, you […]


Announced: Azure AD to offer more 3rd Party MFA features

Azure Active Directory is Microsoft’s Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Azure Active Directory, Microsoft announced a plan for change regarding Azure MFA.   What’s announced Microsoft is planning to replace the current Custom controls (preview) in Conditional Access […]


Requirements per Windows Hello for Business Deployment Type

Windows Hello for Business is awesome technology, that allows for multi-factor authenticated sign-in on Windows 10 devices.   About Windows Hello for Business In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to […]


HOWTO: Enable Windows Hello for Business FIDO2 Key sign-in without Microsoft Intune

The official Microsoft documentation teaches us that Microsoft Intune is an optional requirement to configure Windows Hello for Business to show the option to display the FIDO security key sign-in method as part of the Sign-in options on the Windows Logon Screen. However, a method to achieve the same goal without Microsoft Intune is not […]


Citrix’ NetScaler patch may break the Azure MFA NPS Extension for people who use text messages as their method

The Internet has been on fire for the last week, as a vulnerability in Citrix appliances was actively attacked. In the Netherlands, the National Cyber Security Center advised organizations to switch off Citrix networking appliances. Dutch  Now that organizations are switching them back on to patch the affected systems, they may be in for another surprise […]


Is the Authenticator App required for free Azure MFA?

At Microsoft Ignite 2019, Microsoft announced free Azure Multi-factor Authentication for all through the new Security Defaults feature for Azure Active Directory: Enable multi-factor authentication for free. Now, the official documentation shares more information on this feature and it implies that Azure Multi-factor Authentication (Azure MFA) is only free when it is enabled through the […]