Hey Andy. I enjoy your videos. Thanks for sharing.
I love the delivery and how you get your ideas across. It's great seeing you again - thank you for your content
Excellent video guide and great detail in explaining each option that is required.
Andy! the best!!!!!!
Lovely as always
Hey Andy, you are a great tutor. I enjoy and learn a lot while watching you. It would be fantastic if you recorded a video related to password complexity policy. Thanks a lot
Great session!
Thanks brother, great stuff!
Thanks, this helped me a lot.
Excellent, thanks for everything. Well-explained concepts as always
My pleasure!
Thanks again, it's a big help for me
Awesome thank you, funnily enough I’m listening from Adelaide :)
Yay great to have you onboard 👍
I was just reading MFA complaints on reddit.
Hey Andy, you are a great tutor, I really enjoy your sessions. I have a question: do you have any presentation on AD Reporting?
Not specifically, sorry
Hello, I am glad to hear your sessions. I want to know how to deploy 3rd party authentication methods on Azure
In authentication methods you can deploy 3rd party Oauth hardware tokens. Check documentation for more details.
Thank you Andy for the informative explanation. May I know if you have recorded any video, or will record one, for companies that have the free license? I understand we can enable security defaults. I am wondering if we can disable security defaults and still be using Per User MFA. Or is that not secure?
With a free license, you have very limited capabilities in terms of management and security options. I suggest licensing your users as soon as possible. For more details on licensing, check out learn.microsoft.com. I will go ahead and add this topic to my list as I do feel there is an update due. All the best, Andy
@AndyMaloneMVP Thank you so much Andy for your response. Happy Holidays!
Andy, how long do you expect for a custom authentication strength from setup to become available so you can pick it up in a conditional access policy?
Normally it becomes available very quickly, however, I have heard that this depends on the data centre. It can take up to 24 hours.
💪💪💪👏👏
Hi Andy. Great video.
Are all these settings included in all types of license or do we need an AD premium license?
P1 may be required for some. P2 is required for identity protection.
Confused about the Registration campaign, I see excluded users and groups, but I don't see Included? How do I target the campaign for just one group?😕
Could be a licence thing.
What if I have conditional access policies already for MFA, is this going to overwrite conditional access?
No
Andy my mentor!! May I ask you, for a recently born company of 5 persons, would you suggest to start using Entra with all that follows, AD, conditional access...
Yes
If Security Defaults is enabled, but I want to create conditional access for 1 user to require a security key to log in, would I lose the features of Security Defaults org-wide?
Yes
@AndyMaloneMVP Thanks much for your reply. How about if I just enable security keys under "authentication methods" and let the user register the key but no conditional access policy?
The problem is that I can’t sign in to the authenticator app because I need the code. But the code is on the authenticator. Do you have any idea how to solve this?
Ask your administrator to reset your multifactor authentication, and then you’ll be able to log in
@AndyMaloneMVP Great! Thank you!
You need to ask your GA to reset the MFA methods. If you are the lone Global admin for your account then you have to raise a support request and your request will be transferred to the DPT team
Hi, I am new to Azure AD. I have a question. After syncing Azure AD with on-prem AD, let's say we log in to Azure AD with an on-prem synced account. Can we see the same configurations on the computer, like applications, files etc., once we are logged in to Azure AD, which we were able to see when logging in using on-prem Active Directory?
These would be configured via Intune. Yes, it would be a similar user experience. There are connectors to on-prem for apps and files
@AndyMaloneMVP Could you please share if there are any video links for this in your channel? I am really new to this field.
Hi, how do I enable an app password for a specific user ID? Is any specific license required to do that?
No
Hi Andy, I follow your channel. I like the way you explain the MS ecosystem. We are an MS Partner in India and have a requirement from one of our customers: "How to allow sign-in from only one device at a time. If the user wants to access from another device, then he should first log out from the first device, and then he should be allowed to sign in from the 2nd device." They are using MS Business Basic and Entra P1 subscriptions at the moment. Please help with input. Regards
Off the top of my head, conditional access sounds like it could be a solution
@AndyMaloneMVP can you please share where in the conditional access policy we can set this? In Devices, it shows only OS platforms like Windows, Mac etc. Appreciate your quick help and guidance. Regards
SMS is relatively new. And to use SMS for anything is bad. SMS is kind of hackable with social engineering, getting a secondary SIM card or cell tower listening. To use SMS for MFA is OK as a last resort. But SMS as a login method? I hope I have misunderstood this, but SMS for login as with a FIDO2 key is a really bad idea. So is voice call. I have noticed that even with this authentication method turned off, users are required to add mobile phone numbers for password resets. So there is a migration you do here from the legacy manual MFA methods and SSPR methods into this place now. Is that what is meant with SMS here, as an MFA or SSPR method and not as a passwordless login method?
This is why phishing resistant MFA is the way to go👍😊
What would be the best double authentication available when you land, you're outside the airport in another country and at the airport... all your stuff, mobile phone, tablet, computer, clothes are stolen? How can you get into a cyber café (free) to use your Google account (double authentication methods) to get a phone number of a friend who can send money by Western Union for your holiday? Of course you will have to go to the Embassy for the rest (but it's Sunday and they are closed!)...
Have a backup FIDO key
@AndyMaloneMVP the cyber café at the airport doesn't give access to the USB port...
@bluepawn You’ll be able to use your phone as a passkey soon 😊👍
@AndyMaloneMVP if it's been stolen and you need to get a phone number from your Google contacts in a free cybercafé... The computer of the cybercafé will send a double authorization to the stolen smartphone (do you have to contact the robber to click the "yes it's me" button if he's inside your smartphone's profile at that time?). Sorry for my irony... Something goes wrong.
This is all great but on my end it doesn't work at all... I have a test-tenant with 3 business-standard licenses. I have fully migrated to the new auth. methods but no matter how I set it up my accounts are NEVER prompted for MFA. When I have a look in the login-logs for the accounts the login is fully satisfied with 1 factor login... I just don't get it...
I’m planning to do a demo on a business standard sub soon so watch out for that. In the meantime, here is a great resource for you: learn.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide
Thank you Andy, when looking at the licensing and pricing from Microsoft I am starting to feel that for Standard licenses I can only use the "security defaults", which IMO is not good at all. To be able to use the authentication methods in some granular way I need a premium license - is that correct? I know that I need a premium license for conditional access - but these new auth. methods don't trigger at all @AndyMaloneMVP