Category: FIDO2

  • Who Is Still Using Text Messaging For Multi-Factor Authentication

    Who Is Still Using Text Messaging For Multi-Factor Authentication

    Hopefully not you, but that is not the point of this blog post. The point of this one is to query the sign-in logs in Microsoft Entra ID and report on other users in your tenant, and guest users from outside your tenant, who are still using SMS (text messages). Note that the user might…

  • Deleting a Rogue Passkey Device

    Deleting a Rogue Passkey Device

    If you try and set up a passkey in Windows there is the possibility that if it goes wrong you will end up with an entry for a device but no passkey. I got this for a OnePlus device as the OnePlus Android OS (at the time of writing) does not support allowing Microsoft Authenticator…

  • Conditional Access Authentication Strengths

    Conditional Access Authentication Strengths

    Newly released to Conditional Access in Azure AD is the “Authentication Strengths” settings. These allow you to control the strength of the authentication you need to be used for that conditional access rule. Before this feature was available you had the option of allowing access with no second factor, MFA as a second factor (any…

  • Getting Rid of Passwords in Azure AD / Office 365

    Getting Rid of Passwords in Azure AD / Office 365

    This article is based on the public preview of the use of hardware tokens/Microsoft Authenticator to do sign-in without passwords released in July 2019 Using Microsoft Authenticator for Passwordless Sign-in You used to be able to do this by running the following in PowerShell for the last few years New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault…