Empower Your Security: Embrace the Evolution of MFA

March 20, 2024

I recently received some significant news from Microsoft that left me both intrigued and slightly apprehensive. In November 2023, they announced a proactive measure to enhance security across Entra ID tenants by automatically deploying Microsoft-managed Conditional Access policies. Initially, the rollout was slated to activate after 90 days, but now, Microsoft has extended the timeline indefinitely. Instead, they'll provide a 28-day notice before implementation, ensuring we have ample time to prepare.

This week, I stumbled upon a blog post detailing the progress of this initiative. It's impressive to learn that these policies have already reached over 500,000 tenants, indicating a widespread adoption within the community. However, what caught my attention even more were the specifics of the policies provisioned, especially considering their potential impact on our organization's security posture.

Among the various policies outlined, three stood out as particularly noteworthy:

  • Require multifactor authentication for admin portals: This policy adds an extra layer of security by mandating multifactor authentication for administrative access, enhancing protection against unauthorized entry points.
  • Require multifactor authentication for per-user multifactor authentication users: This policy targets user-specific accounts, ensuring that every user undergoes multifactor authentication, thus bolstering overall account security.
  • Require multifactor authentication for high-risk sign-ins: Reserved for tenants with Entra ID P2 licenses, this policy aims to mitigate risks associated with high-risk sign-ins by enforcing multifactor authentication, reducing the likelihood of unauthorized access due to compromised credentials.

While these policies undoubtedly enhance security, Microsoft's approach leaves little room for exceptions or customizations. This lack of flexibility concerns me, especially considering our own, and of course your, existing Conditional Access policies that enforce multifactor authentication. As a precautionary measure, I'm considering modifying these policies to align with Microsoft's rollout timeline or to potentially disable conflicting policies altogether.
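One way to take stock of existing policies before the managed ones arrive, as an added example that is not from the original post or from Microsoft: the script reads a JSON export shaped like the Microsoft Graph `GET /identity/conditionalAccess/policies` response and lists enabled or report-only policies that already require MFA in the three areas above. The sample data, the function names and the overlap heuristic are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like GET /identity/conditionalAccess/policies (not tenant data).
SAMPLE_EXPORT = json.loads("""{"value": [
 {"displayName": "CA001 MFA admin portals", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["MicrosoftAdminPortals"]},
                 "users": {"includeRoles": ["<role-template-id>"]}},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "CA002 MFA all users", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["All"]}, "users": {"includeUsers": ["All"]}},
  "grantControls": {"authenticationStrength": {"displayName": "Multifactor authentication"}}},
 {"displayName": "CA003 MFA risky sign-in", "state": "enabledForReportingButNotEnforced",
  "conditions": {"applications": {"includeApplications": ["All"]},
                 "users": {"includeUsers": ["All"]}, "signInRiskLevels": ["high", "medium"]},
  "grantControls": {"builtInControls": ["mfa"]}},
 {"displayName": "CA004 Block legacy auth", "state": "enabled",
  "conditions": {"applications": {"includeApplications": ["All"]}, "users": {"includeUsers": ["All"]}},
  "grantControls": {"builtInControls": ["block"]}},
 {"displayName": "CA005 Old MFA pilot", "state": "disabled",
  "conditions": {"applications": {"includeApplications": ["All"]}, "users": {"includeUsers": ["All"]}},
  "grantControls": {"builtInControls": ["mfa"]}}]}""")

def requires_mfa(policy):
    """True if the grant asks for MFA, via the built-in control or an authentication strength."""
    grant = policy.get("grantControls") or {}
    return "mfa" in (grant.get("builtInControls") or []) or bool(grant.get("authenticationStrength"))

def overlap_areas(policy):
    """Heuristic (assumption): which of the three managed-policy scenarios this policy also covers."""
    cond = policy.get("conditions") or {}
    risk = cond.get("signInRiskLevels") or []
    if risk:  # a risk-conditioned policy only fires for the listed risk levels
        return ["high-risk sign-ins"] if "high" in risk else []
    apps = (cond.get("applications") or {}).get("includeApplications") or []
    users = (cond.get("users") or {}).get("includeUsers") or []
    # An all-users MFA policy also covers accounts that still have per-user MFA enabled.
    hits = {"admin portals": "MicrosoftAdminPortals" in apps or "All" in apps,
            "per-user MFA users": "All" in users}
    return [area for area, hit in hits.items() if hit]

def review(export):
    """List (name, state, areas) for non-disabled MFA policies that overlap a managed scenario."""
    return [(p["displayName"], p["state"], overlap_areas(p))
            for p in export.get("value", [])
            if p.get("state") != "disabled" and requires_mfa(p) and overlap_areas(p)]

if __name__ == "__main__":
    for name, state, areas in review(SAMPLE_EXPORT):
        print(f"{name} [{state}]: overlaps {', '.join(areas)}")
```

Policies that grant through an authentication strength instead of the built-in `mfa` control are counted as MFA policies here, since a plain search for `mfa` in `builtInControls` misses them.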

In today's world, where cybersecurity threats loom larger than ever, embracing initiatives like this one from Microsoft and proactively deploying multifactor authentication is essential. However, it's equally crucial to ensure a seamless integration that doesn't inadvertently disrupt your operations. With careful planning and strategic adjustments, I'm confident we can navigate this transition smoothly while fortifying our defenses against evolving threats.

Thx for reading.

Rene Vlieger


As a Microsoft 365 consultant, Microsoft MVP and a Microsoft Certified Trainer (MCT), I spend my days immersed in the world of cloud technology, assisting organizations on their transformative journey. My passion lies in enhancing productivity, fortifying governance, ensuring compliance, bolstering security measures, and fostering seamless adoption of new technologies.

In my role, I strive to be more than just a consultant; I aim to be a catalyst for organizational growth and evolution. By guiding businesses through logical steps, I help them ascend the maturity ladder, ensuring that every technological advancement is not just implemented but embraced wholeheartedly. But my commitment doesn't end there. I believe in the power of sharing knowledge, which is why I invest heavily in training sessions, workshops, and yes, even penning (or typing!) joint blogs. 

My Microsoft 365 knowledge includes Microsoft Teams, SharePoint, OneDrive, Loop, Viva, Purview, Defender, Entra, Outlook, Whiteboard, Copilot, and Forms.