https://campbell.scot/tags/mfa/ Recent content in Mfa on Ru Campbell MVP Hugo en-gb Wed, 31 Mar 2021 07:13:29 +0000 https://campbell.scot/conditional-access-skip-mfa-for-company-devices-on-the-company-network/ Wed, 31 Mar 2021 07:13:29 +0000 https://campbell.scot/conditional-access-skip-mfa-for-company-devices-on-the-company-network/ <p>A common Conditional Access policy is to add trusted locations as an exception to multi-factor authorisation requirements.  The logic goes, if you accessing resources such as Office 365 from a location such as the corporate office, that&rsquo;s an element of verification in itself that your login should be trusted, so we should improve your user experience by removing MFA.  Personally, I support the use of MFA <em>regardless</em> of where you are authenticating (at the very least, if you have an Azure AD admin role assigned).  However, doing something like this is a great option if you are introducing MFA from scratch: you will improve user buy in the less you change their standard experience.  Then, increase the scope gradually.</p> https://campbell.scot/understanding-modern-vs-legacy-authentication-in-microsoft-365/ Sun, 24 Jan 2021 13:46:35 +0000 https://campbell.scot/understanding-modern-vs-legacy-authentication-in-microsoft-365/ <p>Since October 2019, Microsoft has enabled Security Defaults by default in new Microsoft 365 tenants.  Security Defaults are a group of best-practice security settings, and one of note is the disablement of all <strong>legacy authentication</strong>, which itself has been off in Exchange Online and SharePoint Online, by default, since August 2017.</p> <p>The term legacy authentication doesn&rsquo;t refer to one particular protocol, but rather any that do not support Multi-Factor Authentication (MFA).  Protocols that support MFA are described as <strong>modern authentication</strong>.  In the context of Microsoft 365 and Azure Active Directory, which handles Microsoft 365&rsquo;s authentication, these are protocols such as ADAL and OAuth.</p>