Being the very green admin in my own small company, this was exactly what I was looking for. I’ve spent over a day looking at 20+ Microsoft KB articles that have sent me round and round in circles, yet you’ve just nailed in 30 minutes. Thank you - subscribed!
@@bearded365guy So this is just about management of MFA for users and the availability of the various type of MFA rather than making any changes to each MFA type?
หลายเดือนก่อน
Great videos mate - i just subscribed - learning heaps, especially with the security side of things :)
Hi Jonathan, awesome video! Thanks a lot! Quick question, if the Break Glass account should be protected with MFA ( in this case using the YUBIKEY), what will trigger it if we are excluding it in all the conditional access policies? Thanks
@@eointhomas2914 Exactly we are using them for scan 2 mail purposes. Do you have any proper guide for implementing this apart from the MS documentation?
Agreed, @14:36, Ian is definitely the problem. Have you considered other options for Ian? Like a visit from Joe Pesci, to help understand what it is he does here?
I'm loving this. One question. What's the difference between when the authenticator gives you two numbers to select on your phone and the other one where you have to type in 6 numbers on your PC? What is the official name for each and which is better?
This seems to be something that is not really documented well. The migration process won’t complete unless you uncheck all methods in SSPR. This doesn’t disable SSPR as the enablement scoping is on a different page. From what I can tell, once this is done, you can no longer require two methods to reset or unlock your account. It will only use your primary method and not enforce a second method. MS should be more clear on this as companies have two methods set in the legacy settings.
Thanks Jonathan, finger on the pulse as always. Our Global Admin accounts for all customers are all Software OATH tokens. I read that this is not accepted as a first factor authentication method. Not sure if we need to change anything?
Johnathan thank you very much for such a needed video. My biggest problem after this is configuring legacy MFC printers to do scan to email and unattended remote support of clients who have enabled MFA. I need to be interactively with the client so that he provides either the SMS code or approves it with is authenticator app. I can't figure out how to do unattended remote support IE after hours to install apps, run diagnostics etc. All my client don't want to pay for Microsoft 365 business Premium they only use Microsoft 365 Business Standard. Thanks and regards. Alfred
For anybody confused, you will not have most of these options if you do not have the correct licensing.
หลายเดือนก่อน
nice video as always - for windows there is "Windows For Hello" for Mac there is " Platform SSO" what about for Linux? does anyone know there are similar solutions like this in Linux?
Hi Jonathan. i created an exclusion group for admins and added to the conditional access policy Require multifactor authentication for admins . but it does not apply, i do not get any mfa prompt. if i remove the group and sign in as an individual admin I do get prompted for mfa. if I do a what if, it shows the policy will not apply and shows users and groups as the reason why Policy Name Reasons why this policy will not apply State Require multifactor authentication for admins Users and groups On Any help would be appreciated
Being the very green admin in my own small company, this was exactly what I was looking for. I’ve spent over a day looking at 20+ Microsoft KB articles that have sent me round and round in circles, yet you’ve just nailed in 30 minutes.
Thank you - subscribed!
I appreciate that you do these videos in such a clear and concise manner. Without your explanations and examples, I would be lost! Thank You!!!
You're very welcome!
Pssst, Jonathan, it’s “deprecated”, not “depreciated.” Subtle difference in spelling but quite different meanings.
@@thesimpsoid This is true.
Always great to consume your thorough and impeccably produced vids. Thanks!
Yet another rocking one from the Bearded guy! Thanks and appreciated!
Epic! Another quality video. Not all heroes wear capes.
One of your best videos hands down. We implement Yubi for all our clients admin/break accounts and FIN employees. It's the way to go.
@@justepic7029 Thanks, I am pleased you found value!
Nice one Jonathan, thanks for sharing!
As usual. Great Video!!! Thanks Bro.
Useful and very information, thanks Jonathan.
Hey, What happened to existing methods from Legacy, Do users need to register with MFA again, any prompts to users?
@@DaysofIresh Users won’t have to do anything if you enable the right settings in the new policy.
@@bearded365guy So this is just about management of MFA for users and the availability of the various type of MFA rather than making any changes to each MFA type?
Great videos mate - i just subscribed - learning heaps, especially with the security side of things :)
Hi Jonathan, awesome video! Thanks a lot! Quick question, if the Break Glass account should be protected with MFA ( in this case using the YUBIKEY), what will trigger it if we are excluding it in all the conditional access policies? Thanks
Hey, what about App Passwords? I need those for my printers. Cannot find anything in the migration documentation.
App passwords are getting deprecated.
If it’s for scan to email purposes most places have moved to smtp relay providers
@@eointhomas2914 Exactly we are using them for scan 2 mail purposes. Do you have any proper guide for implementing this apart from the MS documentation?
@@eointhomas2914 Any guide to implement smtp relay for scan to mail purposed would be appreciated. Thanks
Agreed, @14:36, Ian is definitely the problem. Have you considered other options for Ian? Like a visit from Joe Pesci, to help understand what it is he does here?
@@lee161a We’ve got a problem with Ian. It’s not going to end well for Ian.
So you disabled SSPR -- so that means users can't reset their own password now?
@@iamweave No, they can. It’s all done with MFA registration……
I'm loving this. One question. What's the difference between when the authenticator gives you two numbers to select on your phone and the other one where you have to type in 6 numbers on your PC? What is the official name for each and which is better?
Hi, my question is why did you have to disable SSPR? Can I follow the guide skipping the SSPR part? Would it still work well?
This seems to be something that is not really documented well. The migration process won’t complete unless you uncheck all methods in SSPR. This doesn’t disable SSPR as the enablement scoping is on a different page. From what I can tell, once this is done, you can no longer require two methods to reset or unlock your account. It will only use your primary method and not enforce a second method. MS should be more clear on this as companies have two methods set in the legacy settings.
Hello Jonathan, I do not see your Enable Authenticator MFA youtube video anywhere, did you remove it?
Brilliant!
Awesome
Thanks Jonathan, finger on the pulse as always. Our Global Admin accounts for all customers are all Software OATH tokens. I read that this is not accepted as a first factor authentication method. Not sure if we need to change anything?
Johnathan thank you very much for such a needed video. My biggest problem after this is configuring legacy MFC printers to do scan to email and unattended remote support of clients who have enabled MFA. I need to be interactively with the client so that he provides either the SMS code or approves it with is authenticator app. I can't figure out how to do unattended remote support IE after hours to install apps, run diagnostics etc. All my client don't want to pay for Microsoft 365 business Premium they only use Microsoft 365 Business Standard. Thanks and regards. Alfred
Thank you so much !!!!!!!!!!
Thank you!
For anybody confused, you will not have most of these options if you do not have the correct licensing.
nice video as always - for windows there is "Windows For Hello" for Mac there is " Platform SSO" what about for Linux? does anyone know there are similar solutions like this in Linux?
extremely early
@@martiniproductions185 It’s never too early.
😂🎉
Hi Jonathan. i created an exclusion group for admins and added to the conditional access policy Require multifactor authentication for admins . but it does not apply, i do not get any mfa prompt. if i remove the group and sign in as an individual admin I do get prompted for mfa. if I do a what if, it shows the policy will not apply and shows users and groups as the reason why
Policy Name Reasons why this policy will not apply State
Require multifactor authentication for admins Users and groups On
Any help would be appreciated