Identity and Access Management (IAM)
Are you looking for information about Identity and Access Management (IAM) in Microsoft Azure and Microsoft 365? In this archive you will find all our posts about Identity and Access Management (IAM).
Passwordless Sign In with Microsoft Entra ID (Azure AD) and YubiKey (FIDO2)
Passwordless Sign In with a FIDO2-enabled security key such as a YubiKey in conjunction with Microsoft Entra ID (Azure AD) provides high security while maintaining ease of use. There is no longer any need to enter a username and password. For users with private mobile devices who do not want to install the Microsoft Authenticator app, a security key from YubiKey offers a good alternative. This tutorial sets up a YubiKey 5 security key for passwordless sign in to Microsoft Azure and Microsoft 365 services.
Microsoft Authenticator App: Improve security with number matching
The use of multi-factor authentication is considered one of the most secure methods to protect an account and is therefore recommended by pretty much every provider by now. Due to this fact, the user receives many multi-factor authentication requests every day, which are probably no longer considered carefully and are approved out of habit.Microsoft introduces number matching, a method that can prevent blind approval of the request. For existing users with the Microsoft Authenticator App, number matching will be enabled by default on February 27, 2023.The following tutorial will immediately enable number matching and therefore increase login security.
Microsoft Authenticator App: Improve security with app and location information
Multi-Factor Authentication improves security of every identity. Microsoft is working constantly to improve the security of their Microsoft 365 and Microsoft Azure accounts. A new feature has been added to the Microsoft Authenticator App, which displays additional information in multi-factor authentication approval requests:
Passwordless Sign In with Microsoft Authenticator App
Passwordless sign in with the Microsoft Authenticator App makes sign in to Azure and Microsoft 365 cloud services more secure and convenient for the user. The typing of a password is replaced by a modern method, e.g. the Microsoft Authenticator app. Passwordless sign-in to cloud apps can be achieved using various methods: For a significant increase of identities security, the cost-effective variant with the Microsoft Authenticator App is the best choice.
Microsoft Entra: Roll Over Kerberos Decryption Key
With Seamless Single Sign-On (Seamless SSO), users can leverage the same credentials for both on-premises and cloud-based services. Repeated authentication prompts between these environments are eliminated, as authentication data is automatically exchanged between Active Directory and Microsoft Entra. As part of the Seamless SSO configuration, a computer account named AZUREADSSOACC is created in the on-premises Active Directory. For security reasons, Microsoft recommends rotating the associated Kerberos decryption key every 30 days.