Notice how each group is a subset of the other, growing in strength as you move down the list. Phish Resistant MFA are three separate controls (Windows Hello for Business, FIDO2 Security Keys, Certificate Based Authentication (Multi-Factor)). These four are high assurance authentication strength methods. Passwordless MFA is four individual controls, which are Windows Hello for Business, FIDO2 Security Keys, Certificate Based Authentication (Multi-Factor) and Microsoft Authenticator (Phone Sign-On). Its a long list, and so this screenshot from the area where you add your own Authentication Strengths gives you an idea of what it includes: MFA Authentication Strengths Multi-Factor Authentication is the same as the previous MFA control in Conditional Access – that is, it allows the use of 17 different MFA methods. Lets look at the defaults and then look at creating our own. There are three Authentication Strength rules in place “out of the box”, and you can add your own. Indeed, the MFA control in Conditional Access now recommends you try this feature instead of just selecting MFA: Recommendation for moving from “MFA” to “Authentication Strength” Now you have the option to control exactly what type of second factor of authentication you require. Before this feature was available you had the option of allowing access with no second factor, MFA as a second factor (any MFA), requiring a hybrid AAD Joined or compliant device, as well as options controlling the apps you can use. These allow you to control the strength of the authentication you need to be used for that conditional access rule. Newly released to Conditional Access in Azure AD is the “Authentication Strengths” settings.
0 Comments
Leave a Reply. |