Oh. You got to passkeys here. So they are a bit delayed I guess. YES! I agree! Always show geo location for login requests as well as the requesting app! And educate your users on why this is important. It minimizes the risk of unintentionally letting someone else in
Enjoying the video... I wanted to give a "Like" but the count is currently at 420, and I don't want to be the one to ruin everyone's fun. I'll circle back after some other spoilsport does.
@Andy - at 10:08: technically the SIM swap is all about having no physical access to the device nowadays. See any article on this - this point is getting enough info on a person to be able to impersonate the victim to their cell phone plan provider and getting them to switch the SIM to being registered to their (the attacker’s) phone
biggest fear with conditional access is causing user disruption. For example: when I turned on MFA, I didnt realize it would sign users Outlook settings and we had a lot of calls. Report only sounds somewhat promising but doesnt necessarily show if the user will be receiving any prompts on their end. Is there a recommended way of approaching this to have the least amount of unexpected interruptions?
I wonder if it’s a conflict with your settings and perhaps MS managed settings. Hmm not sure other than testing on small groups of users until you find the right formula. Good luck😆
Hey Andy, with regards to the methods a user can enroll in MFA, if you have several checked, and you only want to lock it down to authenticator app, what happens to all of the users that are currently set up with text message as example they get forced to the app as soon as they try to authenticate next time?
@@AndyMaloneMVP thanks I was afraid of that, our leadership will not accept that because of the potential thousands of people calling the helpdesk with problems :(
As you’ve described in the video - would you rate the conditional access settings a ‘phishing resistant’? Or it’s more we should be really implementing policies that target based on whether the request is coming from a compliant and non compliant device and ensure browser tokens or similar are expired.
No. Conditional access is a technology that enforces additional checks when a user logs in. These "signals" if met can be enforced with additional authentication methods. For example you can create a policy that enforces phishing resistant MFA which includes a yubikey, (FIDO 2 Key), or biometric using windows Hello for Business for example.
Hey Andy! Being a Mac guy, or user at least, do you know if Microsoft has released the synchronized password experience for Sonoma yet? I use both a PC and a Mac for work since I do intune configurations and software distribution on both platforms for customers and test them. When enrolling Macs in intune you get an M365 login to start with and then you have to create a local account to log into your Mac. At some point with Sonoma this was going to change and the enrollment would be able to create the user account off of the M364 login and then keep password changes in sync. Though I read something about having to create one local account first for it to work which doesn’t really make much sense. Do you know if this is released yet? And also, it’s February now and still no passkey support for M365 accounts.. you talked about out this in a previous video, that FIDO2 keys would change to reflect this in EntraID when that was supported. Haven’t seen that rolled out to any tenants I manage yet.
@@AndyMaloneMVP well Platform SSO is released already and works well. But the missing piece is not having to create a local account and password. That is not there yet afaik
thank you for going over the report settings, and SIM swapping does not require physical access they just need to know your phone number and they socially engineer the phone company. Is there any way to see who are the most active users ? report is hard to filter when you have so many users
There are filters in the admin centre that you can use, and you can also create your own filters. You can also export the files as a CSV file into Microsoft Excel and analyse it here with Power BI
I would go with log analytics. Then you can use a workbook with a heatmap of your most actice users. Search for „Conditional Access insights and reporting“ in MS Docs.
Oh. You got to passkeys here. So they are a bit delayed I guess.
YES! I agree! Always show geo location for login requests as well as the requesting app! And educate your users on why this is important. It minimizes the risk of unintentionally letting someone else in
Enjoying the video... I wanted to give a "Like" but the count is currently at 420, and I don't want to be the one to ruin everyone's fun. I'll circle back after some other spoilsport does.
Genius Andy! More Security Best Practices PLZ
@Andy - at 10:08: technically the SIM swap is all about having no physical access to the device nowadays. See any article on this - this point is getting enough info on a person to be able to impersonate the victim to their cell phone plan provider and getting them to switch the SIM to being registered to their (the attacker’s) phone
biggest fear with conditional access is causing user disruption. For example: when I turned on MFA, I didnt realize it would sign users Outlook settings and we had a lot of calls. Report only sounds somewhat promising but doesnt necessarily show if the user will be receiving any prompts on their end. Is there a recommended way of approaching this to have the least amount of unexpected interruptions?
I wonder if it’s a conflict with your settings and perhaps MS managed settings. Hmm not sure other than testing on small groups of users until you find the right formula. Good luck😆
I had to enable it for a school Trust - imagine the chaos when students were prompted for their Authenticator application!!
Thank you Andy for this new, very interesting video, with a price on the P1 subscribers ;-)
Hey Andy, with regards to the methods a user can enroll in MFA, if you have several checked, and you only want to lock it down to authenticator app, what happens to all of the users that are currently set up with text message as example they get forced to the app as soon as they try to authenticate next time?
They will be forced to change
@@AndyMaloneMVP thanks I was afraid of that, our leadership will not accept that because of the potential thousands of people calling the helpdesk with problems :(
Hello friend, were you able to definitively solve the invalid traffic issue? I would appreciate an answer, I am Spanish (you know how it feels)
The issue is at Google. There is nothing you can do and it will resolve itself with 2 to 3 weeks.
Great quick key points to check, very clear, thanks
+
Great info. Thank you. Esp w license info. Good job.
Excellent content. Thanks for sharing.👍
As you’ve described in the video - would you rate the conditional access settings a ‘phishing resistant’?
Or it’s more we should be really implementing policies that target based on whether the request is coming from a compliant and non compliant device and ensure browser tokens or similar are expired.
No. Conditional access is a technology that enforces additional checks when a user logs in. These "signals" if met can be enforced with additional authentication methods. For example you can create a policy that enforces phishing resistant MFA which includes a yubikey, (FIDO 2 Key), or biometric using windows Hello for Business for example.
Great video Andy! Very informative and really helpful for all levels of competency, even if you just want to polish up those policies! Thanks again!
Thanks and you’re very welcome 😊👏
Educative! Thanks!
Hey Andy! Being a Mac guy, or user at least, do you know if Microsoft has released the synchronized password experience for Sonoma yet? I use both a PC and a Mac for work since I do intune configurations and software distribution on both platforms for customers and test them. When enrolling Macs in intune you get an M365 login to start with and then you have to create a local account to log into your Mac. At some point with Sonoma this was going to change and the enrollment would be able to create the user account off of the M364 login and then keep password changes in sync. Though I read something about having to create one local account first for it to work which doesn’t really make much sense. Do you know if this is released yet? And also, it’s February now and still no passkey support for M365 accounts.. you talked about out this in a previous video, that FIDO2 keys would change to reflect this in EntraID when that was supported. Haven’t seen that rolled out to any tenants I manage yet.
I do believe they are in the process of releasing an SSO client for Mac. I’ve not personally seen it yet but I’m looking forward to trying it. 👍
@@AndyMaloneMVP well Platform SSO is released already and works well. But the missing piece is not having to create a local account and password. That is not there yet afaik
Always helpful - thank you!
Is there video explain incident and investigation at Defender portal?
Take a look in my Defender playlist
Is this for business accounts only? Does it apply to Home users?
Business and enterprise only I’m afraid. Home users get exchange online protection pre configured and you do not have access to the admin portals.
@@AndyMaloneMVP Thanks!!!
thank you for going over the report settings, and SIM swapping does not require physical access they just need to know your phone number and they socially engineer the phone company.
Is there any way to see who are the most active users ? report is hard to filter when you have so many users
There are filters in the admin centre that you can use, and you can also create your own filters. You can also export the files as a CSV file into Microsoft Excel and analyse it here with Power BI
I would go with log analytics. Then you can use a workbook with a heatmap of your most actice users. Search for „Conditional Access insights and reporting“ in MS Docs.