Microsoft Conditional Access - 7 New Features Admins MUST Know!
Вставка
- Опубліковано 5 лип 2024
- Conditional Access continues to develop at a lightning pace, and it’s critical that IT Admins keep there skills up to date. In this session, Andy will take you through 7 awesome and powerful new features that will ensure your environment is even more secure than before. From reporting to Multi tenant settings, to Phishing resistant MFA and so much more. If you’re responsible for managing Microsoft Entra ID or Microsoft 365, this is a session that you must see.
For more on me visit me at www.Andymalone.org
Thanks to today’s sponsor, BlueTally. Visit www.bluetallyapp.com
Looking for more? Why not sign up to my Patreon page / andymalonemvp
You can also attend one of my upcoming summer online classes. Visit www.quality-training.co.uk/bo...
Time Codes
00:00 Introductions
01:55 New Conditional Access Settings
06:49 New Multi Tenant Settings
07:35 New external / Guest User Settings
09:58 New Network Settings
12:22 New Insider Risk Management Settings
14:11 New Authentication Flows
17:41 Session Conclusions
This is fantastic. Thank you for taking the time to show us. I`m going to spend my weekends with your videos :-)
Thanks Andy. Great Video
Great Video cheers 🙂
Hey Andy this is great, thank you. I have a question: Isn't Network section in CA policy same as Named Locations IP ranges? Can we set private IP ranges in Network section?
Not that I’m aware of
Hero!
Hi Andy, thank you for sharing the new features. Can the token protection protect users who are not using MFA due IOT device in the store that can't work with a user who is signing in with MFA on their profiles?
A short answer is no. Token protection only works in a limited format at the moment but is currently being rolled out by Microsoft. At the moment you can use it on the Microsoft 365 portals and apps as well as the admin portals. The idea of being that it can protect admin accounts from token replay attacks. For more information visit Microsoft learn and take a look at the various documentation. Good luck and thanks for tuning in Andy
Can you do a video showcasing MFA whenever an eligible role is activated ?
Thanks for the information. On a slightly separate note, does anyone know of a way admins can create a temporary sandbox tenant for exploring various features without using a production environment?
That’s what trial accounts were for they were great. However, Microsoft are really cutting back on these and making it difficult to take trial subscriptions without the requirement of a credit card.
I pay for two licenses just to test things out.
Hi Andy, is it possible with CA to block office apps like word, excel and outlook, but keep onedrive and teams working everywhere ?
You can select the apps option on user account properties and deselect apps that you don’t want the user to see
Device Code Flow - is this the same as when you're logged into or using Safari on one device, then continue to use it on another?
Authentication Flow - logged in onto O365 on one device, then use on another with the same creds?
Have I understood this right?
You got it 😊
Thanks for the informative content as always. Regarding the authentication methods: in the case for SSPR, what would be your recommendation?
SSPR can be setup with either 1 or 2 factor MFA. 2-factor MFA sounds the most secure to me, but the 2nd factor for SSPR can only be a phone number (office phone or SMS) or a secondary emailadress. Both of those secondary SSPR methods are quite unsecure.
So my question would be: Is it more secure to enable SSPR with just 1-factor MFA (which would be the Authenticator App), or would it be better to enable SSPR with 2-factor MFA (Authenticator App + Phone Number OR Emailaddress)?
In my opinion, SSPR is a potential back door into your active directory. Personally, I’m not a fan of it and it encourages retaining passwords when really we want to get rid of them. Consider. Phishing resistant credentials instead instead for example pass keys.
@@AndyMaloneMVP Thanks Andy, we're already working on going passwordless asap :)
Risk related data activities - Timestamp 12:37 - what does this mean? under Insider Risk?
For this to work, you need to set up an insider risk policy in Microsoft purview
please i really want to join the class am really interested
We’d love to have you just click on the book button and you’re all set
@@AndyMaloneMVP where can i find the boook button please
@@Bigapps1Zwww.quality-training.co.uk/book-online