Next up, we can configure the conditions for this policy. You can use granular controls here and specify different policies for different cloud apps.įor example: you might require MFA only when users are logged in on a non-company device, except when using the Azure portal, then MFA is always required. Select the cloud app for which you want to configure this policy. Remember that you should exclude any (service) accounts that use services that do not support Modern Authentication. In this example I chose to enable it for all users, but excluded my Break The Glass Administrator group (more info about those in the last part of this series). Navigate to, select ‘Azure Active Directory’ in the left side menu and click ‘New Policy’įill in your desired policy name and select ‘Users and group’.Ĭhoose which users you want to include/exclude in the policy. Next up, I will walk you through enabling MFA through CA & give an explanation about the last two caveats. Not all MFA settings are configurable through Conditional Access.MFA through Conditional Access doesn’t support app passwords.An Azure AD Premium P1 license is required to unlock Conditional Access and at 5,40 euro per user, they don’t come cheap.Microsoft recommends enabling MFA through Conditional Access and in my experience, it’s much easier for the administrator. It’s possible to only require MFA from non-company devices, only when accessing Sharepoint or when the user is out of the office. The next time the user sign-ins, he will be prompted to configure Multifactor Authentication.Įnabling it by using Conditional Access enables you to enable MFA on a group basis and with much finer controls. Just navigate to and select the user for whom you want to enable MFA. The first way is the oldest and most known. Multifactor Authentication can be enabled in two different ways, enabling it on a user basis through the Office365 admin center or with a Conditional Access policy in Azure AD. This first part will focus on enabling Multifactor Authentication. Through this three part series I will guide you through the best practices of setting up MFA, disabling basic authentication and configuring a break the glass administrator account. Multifactor Authentication plays a big part in this process.īut implementing MFA into an Microsoft 365 environment can be pretty confusing.
With the amount of attacks on cloud identities increasing each day, it is paramount to secure our identities. Multifactor Authentication is a hot topic at the moment.
0 kommentar(er)
