![]() After registration, users are prompted ‘when necessary’. This registration only allows the use of the Microsoft Authenticator app and does not support text (SMS) messages or calls. The main impact is on end-users: after enabling security defaults, users will be required to register authentication methods within fourteen days. Most administrators already use multifactor authentication on other platforms, so having them approve sign-in requests should not have a significant impact. Each time an account assigned a specific Azure AD role logs in or somebody logs into an Azure management tool, they must use multifactor authentication. If an attacker compromises an administrator account, they can take control over a tenant and impact multiple users. It is important to assess the impact on service accounts, for which you can use this blog from Steve Goodman to identify potential blockers.Ĭontrols 3 and 4 (require MFA for Azure AD and Azure administrators) are extremely important controls because administrators are often a target for attackers. If people use up to date Outlook clients (both on mobile and desktop platforms), there should not be much impact for this control. Microsoft will begin the process of removing basic authentication for seven email connection protocols starting October 1, 2022, which is a good indication of how important they believe it is that users should stop using basic authentication. ![]() The last control in the list “blocking legacy authentication,” is a no-brainer and is something every organization should already have on its roadmap. Before turning on Azure AD security defaults, let us investigate what the impact will be for your end-users and administrators. Microsoft deems these settings to be the absolute minimum set of controls to which every tenant should adhere. Require multifactor authentication for privileged tasks in the Azure portal.Require Azure AD administrators to do multifactor authentication.Require an end-user to do MFA when deemed necessary. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |