Conditional Access: Skip MFA for Company Devices on the Company Network
Posted inConditional Access Entra ID (Azure Active Directory) Microsoft 365

Conditional Access: Skip MFA for Company Devices on the Company Network

A common Conditional Access policy is to add trusted locations as an exception to multi-factor authorisation requirements.  The logic goes, if you accessing resources such as Office 365 from a location such as the corporate office, that's an element of verification in itself that your login should be trusted, so we should improve your user experience by removing MFA.  Personally, I support the use of MFA regardless of where you are authenticating (at the…
Understanding Modern vs. Legacy Authentication in Microsoft 365
Posted inEntra ID (Azure Active Directory) Microsoft 365

Understanding Modern vs. Legacy Authentication in Microsoft 365

Since October 2019, Microsoft has enabled Security Defaults by default in new Microsoft 365 tenants.  Security Defaults are a group of best-practice security settings, and one of note is the disablement of all legacy authentication, which itself has been off in Exchange Online and SharePoint Online, by default, since August 2017. The term legacy authentication doesn't refer to one particular protocol, but rather any that do not support Multi-Factor Authentication (MFA).  Protocols that support…