How to deploy Multi Factor Authentication MFA and avoid the pitfalls!

This time it’s the turn of deploying multi factor authentication (MFA) and how to deploy it correctly. As well as an overview of the technology, I also give a couple of demos of exactly how it works, along with some tips & tricks on how to avoid any potential flaws and misconfigurations. As always, I’ve time coded the session, which will give you the opportunity to repeat and learn the specific parts of the video. As always, any comments and questions are welcomed.

Time codes

00:00 Session begins
01:42 MFA & How it works. Background Deep Dive
07:15 Administering MFA in Microsoft 365 DEMO
13:19 MFA in Azure Active Directory DEMO
15:46 MFA Settings in Microsoft 365: The Gotchas!
17:51 Session Review & Next Steps
Comments

Hi Andy, great content about Conditional Access. There are sometimes confusing discussions about MFA and conditional access. There is still MFA around in Azure AD. But conditional access is the better way. For our customer we recommend MFA every time for high privileged accounts like global admins etc. Or just implement PIM with MFA. Reduce your surface. PIM might be another topic for another video, for getting granular access with the least privileges.

oliverhuppe

Thank you for sharing the information, it is helpful! Question, on my tenant, in the user service setting, I don't have the "Trusted ips" where should I enable that option?

readyone

What is the ongoing user experience like, not just the first time? We use Microsoft 365 with desktop Outlook and also get email pulled into our iPhones using iPhone native Mail client. Does the user have to input a code once a day at work and every time they look at their phone email or only after a reboot? Thanks, appreciate the presentation.

IsItTrueThat

Andy, when you showed the Authentication Methods > User registration details, is that for MFA registration or for registration to one of the authentication methods enabled in Policies (also under Authentication Methods)? I ask because I just set up a new tenant and none of those policies are enabled. However, I set up a CA policy to require MFA. I logged in with a test user for the first time and it made me register for MFA as expected. However, when I look in the User Registration details, there are no results. I just want to make sure I haven't misunderstood something. I'd also like to see who has currently registered for MFA and what method they chose if possible. Thanks!

goodbyeblueskygoodby

Hi Andy, I have 2 questions. 1. Is there a conditional access policy so that if the PC has not signed in over a period of days (ex: 30 days), the device is blocked from using company resources? 2. Is there a template or easy way to uninstall Windows default apps? Thank you

tomchong

I appreciate your helpful videos. What is the difference between MFA and two-step verification?

sericaxyz

Hi Andy, thanks for your video. I am wondering, how about guest users? If MFA is activated for all, what happens with their access? And also, we have our Zimbra mail connected with Outlook by IMAP; if modern auth is activated (IMAP deactivated), will it cut this access? Thanks a lot

noradimitrova

Thank you for your videos.
How can I make it so that external users are required to register MFA when they try to access files / folders shared from an internal user's OneDrive?
And that without manually adding them to AAD.
I can see that when I invite users to a Teams they are getting a guest account in the AAD, so then I can add a conditional policy, but not when they are shared files and folders from a user's OneDrive.

patrikbohman

The issue I'm having is within the hybrid environment. The 365 client desktop app won't prompt an MFA and people are stuck in the login loop.

travisskeans

Our external users frequently struggle when MFA is required on our side (the host) and on their side (guest employee using their org. MFA). Double MFA set-up is confusing. I've found plenty of demos that use guest Gmail accounts but I've not found one demonstrating a guest user trying to authenticate into a different tenant with their M365 account. Have you seen any guidance for that?

suewh-bfdd

Where is the first Conditional Access link that you mentioned (around minute 3)?

mvachon

Does MS MFA support a RADIUS setup (legacy) or is an NPS server mandatory? (Other MFA systems support RADIUS setup)

jrgenpeterguldfeldt

Hello,
I have activated MFA on an Office 365 account and since then, I can't connect to this account with the Outlook client; it is always the server exchange connection problem. I even deleted the current profile to create another one, but it didn't always work.
I have done several resolution tests but I still have the same problem.

I even uninstalled Office and then reinstalled it, but when I want to add the Outlook account again, there is always the server connection problem that appears. I don't know what to do anymore. Do you have any other solution for me? After applying the MFA, all other applications work except Outlook.

I have this same problem since I activated the MFA; the Outlook client does not work anymore.

stephanielemejouk

Andy, you need a small carpet on the wall.. room's acoustics like room 101 from the popular book. Good vid though! Thanks.

tomekkrakowiak

So how do you suggest protecting those users not enrolled yet from password sprays and enrolling themselves gaining access?

jstump

Hi Andy, got one question. If I add an account, say PayPal, into my Microsoft Authenticator (MA) on one primary Android phone, then I have another secondary phone to serve as a backup in case I lose or damage the primary phone. I have Microsoft Authenticator on both phones. I can see my personal Microsoft account on both phones but cannot see the PayPal code on the secondary phone. It only shows on my primary phone. Why is that? Please advise. I also use Google Authenticator for other accounts like Facebook, Zoom, and Twitter and it will show codes across both devices. Thanks a lot, in advance.

feichai

Hello, I didn't quite understand the part about modern authentication. Do you recommend enabling it or not enabling it?

stephanielemejouk

I've had some phones stolen or lost but email accounts are old ones my wife set up for me. But the address for one is showing 220 mcdowell st.

MarkVanVleet-dbyx

How do people tend to manage users that don't have a company phone and refuse to register MFA with a personal device? Would you create a conditional access policy to then block that person from being able to sign in to 365 services from anywhere other than a trusted location like a company office?

gdr

Hello Andy, the audio of this video keeps skipping. For example if you go to time stamp 5:23 the audio drops or skips.

kb