Azure AD Authentication Methods and Policies

Views: 7,084

John Craddock Identity and Access Training

A day ago

In this video, you will learn about Azure AD Authentication Methods and the policies that control the methods. Microsoft has recently added to the available Authentication Method Policies. The plan is to deprecate the legacy MFA and Self-Service-Password-Reset (SSPR) policies in 2024. Before they are retired, you need to migrate your legacy configuration.
Watch the video to understand legacy policies, the new policies and the migration process. You can also see all the authentication methods in action and how they are configured by administrators and users.
SUBSCRIBE and KEEP LEARNING
Please add comments, and let's build a community of Identity Geeks together
Join me for an intense 5-day masterclass on Azure AD Identity
learn.xtseminars.co.uk
Time Codes:
00:00 Intro
10:36 The Demo Environment
12:04 FIDO2 Security Keys
17:14 Microsoft Authenticator
25:15 SMS for MFA and SSPR
27:31 SMS for 1st Factor Sign-in
31:03 Using a Temporary Access Pass (TAP)
33:26 Third-party Software OATH Tokens
36:40 Voice Call
38:26 Email OTP for SSPR
42:45 Email OTP for Guest Users
46:54 Certificate-based Authentication
51:07 Adding OATH Hardware tokens & Security Questions
58:06 Administrator Policy
59:27 Wrap up!

Comments: 36
@munnik85 4 months ago
Hi John, Thank you for this crystal clear insight into Authentication methods. My question is this: How to migrate legacy MFA/authentication methods to the new Entra/Azure AD Authentication method policies for multiple tenants at once? Thanks for your insights in advance!
@joneslt 6 months ago
These videos are great! Very clear concise explanations. I am learning a lot from your vids. Thanks so much!
@john_craddock 6 months ago
That's great to hear! Thanks for the feedback
@citizenearth3324 7 months ago
Wow, Thanks for making it.
@john_craddock 7 months ago
Hi, thanks for leaving a comment. I am pleased you found it useful
@adeo8799 1 year ago
Very clear concise information, appreciate it!
@john_craddock 1 year ago
Thanks Ade, I appreciate the feedback. Don't forget to subscribe there are lots more videos to come!
@roelofsee 1 year ago
This is really great John, thanks a lot. There are almost no courses or videos that offer an explanation and demo on this detail (implementation) level.
@john_craddock 1 year ago
Thanks Eric for your kind remarks. They are very gratifying to hear.
@systechadmin8368 1 year ago
Very Clear to understand and appreciate your effort to make this video.
@john_craddock 1 year ago
SysTech, thanks for the feedback. It's great to hear you appreciated it!
@scott3107 1 year ago
Clear and engaging. Thanks John, looking forward to your content! By the way, you can create sections in your videos to represent the different topics you've illustrated in the description. All the best!
@john_craddock 1 year ago
Thanks Scott. I do have section breaks, but it takes YouTube a while to swop the thumbnail for the section breaks. Hopefully tomorrow it will all be done!
@221989qwerty 1 year ago
This is a very clear explanation. Thank you for creating this informative video.
@john_craddock 1 year ago
Hi, Great to have your feedback - many thanks
@palash81 1 year ago
Very impressive and detailed explanation about Azure AD Authentication method :)
@john_craddock 1 year ago
Thanks Palash - It's always great to hear from people who appreciate the videos. Keep watching there are more to come!
@zameerhussain9638 1 year ago
Have been waiting for this awesome thing to happen. Finally 🎉 John’s youtube channel.
@john_craddock 1 year ago
Thanks Zameer - hopefully people will watch it!
@AndyMaloneMVP 1 year ago
Awesome :-)
@john_craddock 1 year ago
Thanks 🤗
@MrKubateos 1 year ago
Great :)!!!
@john_craddock 1 year ago
Thanks Psota, Glad you enjoyed it!
@varunkamarapu2372 1 year ago
Hi @john, this is a great video. I thoroughly enjoyed this. Can you please let me know if you are planning to do videos for beginners on AAD, where you will have a video on each blade (such as conditional policies, SSPR, Enterprise apps etc.,) in AAD.
@john_craddock 1 year ago
Hi Varun, thanks for the feedback. My plans are for deep-dive content at the moment. However, I will do a What is Azure AD? video soon
@bartoszm4290 1 year ago
Great content! Thanks John. I have a question on the topic of this case. What if there are Legacy MFA methods set up in the organization? Let's give an example. In legacy MFA we have methods enabled: SMS and App. We want the users in the MFA-App group to be able to register only the App method. What do we need to do in this situation? Disable all Legacy MFA settings and configure the policy in Azure AD? Or just a policy that ignores Legacy settings (if it works like that) is enough?
@john_craddock 1 year ago
Hi Bartosz, Thanks for your feedback. To answer your question, you have three migration settings available: Pre-migration, Migration in progress and Migration complete. To switch so that only the MFA-App group gets the app method (I assume you mean the Microsoft Authenticator) will require you to add the MFA-App group to the new Authentication Methods Policy. If you are confident that you have migrated all your settings, you could switch to Migration complete and only the new policy will apply. Alternatively, you could select Migration in progress and remove the SMS and App settings from the legacy policy. If you choose the 1st option, I would still clean up the legacy policy. I hope that helps.
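The migration behaviour described in the reply above, as an added example that is not part of the original comment thread or of Microsoft's code: it models which methods a user can end up with for each migration state. The policy dictionary is constructed data shaped like the Microsoft Graph `authenticationMethodsPolicy` resource; the group id, the `LEGACY` set and the rule that legacy settings stay in force until Migration complete are assumptions taken from the reply.

```python
# Added example. POLICY is constructed data shaped like the Microsoft Graph
# authenticationMethodsPolicy resource; legacy settings are modelled as a set.
MFA_APP_GROUP = "00000000-0000-0000-0000-00000000a001"  # constructed placeholder id

POLICY = {
    "policyMigrationState": "migrationInProgress",
    "authenticationMethodConfigurations": [
        {"id": "MicrosoftAuthenticator", "state": "enabled",
         "includeTargets": [{"targetType": "group", "id": MFA_APP_GROUP}]},
        {"id": "Sms", "state": "disabled",
         "includeTargets": [{"targetType": "group", "id": "all_users"}]},
    ],
}
# Assumption: legacy MFA "SMS" and "App" expressed with the new policy's method ids.
LEGACY = {"Sms", "MicrosoftAuthenticator"}


def targeted(config, user_groups):
    """True if the method is enabled, includes the user and does not exclude them."""
    if config.get("state") != "enabled":
        return False

    def hit(targets):
        return any(t["id"] == "all_users" or t["id"] in user_groups for t in targets)

    return hit(config.get("includeTargets", [])) and not hit(config.get("excludeTargets", []))


def effective_methods(policy, legacy, user_groups):
    """Methods open to the user: new policy, plus legacy until migration is complete."""
    new = {c["id"] for c in policy["authenticationMethodConfigurations"]
           if targeted(c, user_groups)}
    if policy["policyMigrationState"] == "migrationComplete":
        return new
    return new | set(legacy)


def legacy_only(policy, legacy, user_groups):
    """Methods the user has only because the legacy policy is still honoured."""
    complete = dict(policy, policyMigrationState="migrationComplete")
    return (effective_methods(policy, legacy, user_groups)
            - effective_methods(complete, legacy, user_groups))


if __name__ == "__main__":
    print("in progress:", sorted(effective_methods(POLICY, LEGACY, {MFA_APP_GROUP})))
    print("legacy leftovers:", sorted(legacy_only(POLICY, LEGACY, {MFA_APP_GROUP})))
```

A non-empty `legacy_only` result is the set of legacy settings to clean up before the group is truly restricted to the app method.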
@AndriiKorol-um5ow 9 months ago
Thank you for the interesting video. Maybe you know, how I can handle the MFA via Postman?
@john_craddock 9 months ago
Hi, Thanks for your feedback. If you are signing on as a user, you will be prompted for MFA when you request the access token. MFA should just work.
@ne-pro-vse 9 months ago
@john_craddock, thank you for the quick answer. The API response is 401 Unauthorized. P.S. I have been successfully using this API authorization before enabling the MFA.
@Doctair 1 year ago
@john, Great Vid! What do you suggest you do for removing the Legacy Per User MFA? Should you go to each user and Disable them and then go to settings tab and uncheck the Methods Available under Verification Options. Perhaps a quick Follow up video of how to remove the old legacy and go all in would be super helpful. Also adding a scenario for Breakglass where they don't have a Yubikey or SMS available. Thanks again, so glad I found your channel, Cheers!
@john_craddock 1 year ago
Hi @Doctair, Thanks for the feedback. I'll have to look at producing another video on the topic; in the meantime, Google and Microsoft Learn should give you the answers. Thanks again and please keep watching!
@pingpingyu9897 11 months ago
Hi John, thanks for the great work!! Does the Authentication Method normally work in conjunction with Conditional Access Policies? What is the relationship between these two? What if a user is in a CA policy that requires MFA but not in any Authentication Methods? Thanks, Ping
@john_craddock 11 months ago
Hello, thanks for watching and I am pleased you found it useful. The authentication method is not necessarily related to CA. However, in the case of MFA, a user must be set up with an authentication method that will satisfy the CA MFA requirement. In CA, if you choose the MFA option, you can use any MFA method; however, if you choose Phishing resistant MFA, an appropriate method will need to be in place. The exception to all this is Hello for Business, which provides strong auth. I hope that helps.
@prabhattanwar9386 10 months ago
Hi John, Thanks for the information. You explained the things really well. I seem to be hung up at a spot where I have my client on Azure Free license (no Azure Premium) and SSP is disabled. I have security defaults enabled for them, but it of course prompts them to authenticate logon only when Microsoft thinks it's right, but I want them to get prompted on attempts to all Office Products just like legacy per user MFA did. I see every article shows Azure premium is in place. I have my client migration status in progress and seem to be stuck in migrating them to complete. Could you suggest how I would be able to migrate them from legacy MFA to Azure in such case?
@john_craddock 10 months ago
It's probably a licensing issue, I'll ask some questions and get back to you