Categories
Authentication Azure Active Directory Azure AD AzureAD conditional access

Baseline Policy Replacements: Conditional Access MFA for Administrators

From Feb 29th 2020 Microsoft will remove the “baseline policies” from Azure AD. These were very useful in the past to enable blanket settings like MFA for all admin accounts (well, selected admin roles) and to disable legacy auth for the same admin roles. With the removal of the baseline policies you need to ensure […]

Categories
app password ATP Authentication Azure Azure Active Directory Azure AD Azure Information Protection AzureAD conditional access EM+S email enterprise mobility + security management mcm mcsm MFA microsoft modern authentication multi-factor auth Multi-Factor Authentication sspr

MFA and End User Impacts

This article will look at the various different MFA settings found in Azure AD (which controls MFA for Office 365 and other SaaS services) and how those decisions impact users. There is lots on the internet on enabling MFA, and lots on what that looks like for the user – but nothing I could see […]

Categories
Authentication Azure Active Directory Azure AD AzureAD FIDO modern authentication Multi-Factor Authentication password yubikey

Getting Rid of Passwords in Azure AD / Office 365

This article is based on the public preview of the use of hardware tokens/Microsoft Authenticator to do sign-in without passwords released in July 2019 Using Microsoft Authenticator for Passwordless Sign-in You used to be able to do this by running the following in PowerShell for the last few years New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault […]

Categories
Authentication EOP exchange exchange online Exchange Online Protection Exchange Server hybrid smtp spam

Anonymous Emails Between On-Premises and Exchange Online

When you set up Exchange Hybrid, it should configure your Exchange organizations (both on-premises and cloud) to support the fact that an email from a person in one of the organizations should appear as internal to a recipient in the other organization. In Outlook that means you will see “Display Name” at the top of […]

Categories
Authentication windows 10 windows 7

Outlook Authentication Broken–Username and Password Missing

I came across an issue recently where the Outlook security dialog box popup was broken. Rather than looking as below, the username and password fields where missing: The dialog box appeared as: Notice that the username and password fields are missing! Also missing, and the key to this issue, is the picture is missing too. […]

Categories
Authentication Azure Active Directory Azure AD Office Office 365 SSO

Azure AD SSO and Disabled Computer Accounts

When you set up Azure AD SSO, the Azure AD Connect application creates a computer account called AZUREADSSOACC. Do not disable this account, or SSO stops working. I’ve had a few clients in the past week disable this when generally disabling all the computer accounts that have not logged in for X days. Therefore if […]