Category: modern authentication

  • Who Is Still Using Text Messaging For Multi-Factor Authentication

    Hopefully not you, but that is not the point of this blog post. The point of this one is to query the sign-in logs in Microsoft Entra ID and report on other users in your tenant, and guest users from outside your tenant, who are still using SMS (text messages). Note that the user might…

  • Entra External ID and SAML Authentication

    A new feature in the Entra External ID product is SAML authentication. External ID is used for authenticating your customers to your apps, as opposed to the “workforce” product, which is for staff and guests. SAML has been in the workforce Entra ID (previously Azure AD) product for years. This blog will walk through the steps to set…

  • Configuring and Migrating From Entra ID Custom Controls to External Authentication Methods

    Custom Controls date back to the Azure AD days and the ability to link an external MFA provider into authentication but without the full step of federation. This feature was in preview for years and never left preview, and was limited to I think three companies. Over the years I have seen this a number…

  • Adobe Creative Cloud and Conditional Access Restrictions

    In Azure Active Directory it is possible to create Conditional Access rules that restrict applications to running only on company-owned or managed devices. Conditional Access approves or rejects the login based on that knowledge – so what happens if the app in question is running on a company (managed or compliant) machine, but the…

  • MFA and End User Impacts

    This article will look at the various different MFA settings found in Azure AD (which controls MFA for Office 365 and other SaaS services) and how those decisions impact users. There is lots on the internet on enabling MFA, and lots on what that looks like for the user – but nothing I could see…

  • Getting Rid of Passwords in Azure AD / Office 365

    This article is based on the public preview of the use of hardware tokens/Microsoft Authenticator to do sign-in without passwords, released in July 2019. Using Microsoft Authenticator for Passwordless Sign-in: You used to be able to do this by running the following in PowerShell for the last few years: New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition '{"AuthenticatorAppSignInPolicy":{"Enabled":true}}' -isOrganizationDefault…

  • Azure AD Single Sign-On Basic Auth Popup

    When configuring Azure AD SSO as part of Pass-Through Authentication (PTA) or with Password Hash Authentication (PHA), you now (since March 2018) need to configure only a single URL in the Intranet Zone in Windows. That URL is https://autologon.microsoftazuread-sso.com, and it can be rolled out as a registry preference via Group Policy. Before March 2018…