Understanding Modern vs. Legacy Authentication in Microsoft 365
Posted inEntra ID (Azure Active Directory) Microsoft 365

Understanding Modern vs. Legacy Authentication in Microsoft 365

Since October 2019, Microsoft has enabled Security Defaults by default in new Microsoft 365 tenants.  Security Defaults are a group of best-practice security settings, and one of note is the disablement of all legacy authentication, which itself has been off in Exchange Online and SharePoint Online, by default, since August 2017. The term legacy authentication doesn't refer to one particular protocol, but rather any that do not support Multi-Factor Authentication (MFA).  Protocols that support…
Store BitLocker Recovery Keys in Azure AD for Devices Already Encrypted
Posted inBitLocker Entra ID (Azure Active Directory) Intune Microsoft 365 Microsoft Intune PowerShell Windows

Store BitLocker Recovery Keys in Azure AD for Devices Already Encrypted

As you move from on-premises or third-party infrastructure to Microsoft 365 and Azure AD, you will want to keep those BitLocker recovery keys safe.  You can store those keys either in on-premises Active Directory or in the cloud with Azure AD. The behavior of the BitLocker / Azure AD relationship is that the recovery keys will only be stored against the device object in Azure AD if the encryption happens when the device is…