Identity and Access Management (IAM)
Are you looking for information about Identity and Access Management (IAM) in Microsoft Azure and Microsoft 365? In this archive you will find all our posts about Identity and Access Management (IAM).
Microsoft Entra: How to Block Legacy Authentication Using Conditional Access
Protocols such as POP3, IMAP, SMTP, or MAPI rely on outdated authentication methods known as legacy authentication. These methods do not support modern security mechanisms such as multi-factor authentication (MFA), making them a preferred entry point for attackers.
Reviewing user registrations for multi-factor authentication
To perform a security audit, it is necessary to review the registered multi-factor authentication methods of each user in the Microsoft Tenant. This can help identify and address potential vulnerabilities before they are exploited. Additionally, this evaluation can be used to inform users of potentially more convenient MFA methods they could use instead of their current methods.
App Password for Multi-Factor Authentication
Apps that do not support two-step verification can cause problems after enabling multi-factor authentication (MFA). These apps, also called non-browser apps, can no longer be used after multi-factor authentication is enabled. To continue to use these apps securely, an App Password can be used for authentication. An App Password is a secure, randomly generated password that can be used instead of the regular password for an app.
User guide: Enabling multi-factor authentication
Enabling Multi-Factor Authentication (MFA) significantly increases the security of user accounts when accessing Microsoft Azure and Microsoft 365 online services. The following user guide will help to set up one of the following authentication methods. Three options are available to authenticate with the second factor:
Enforce Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) provides a high level of protection for identities in the cloud. The user must identify himself with a second factor in addition to the password. Without this second factor, access to cloud apps are prevented. The feature “Azure AD Conditional Access” can be used to enforce multi-factor authentication. At least two of the following authentication methods then become mandatory: