Microsoft Conditional Access - 7 New Features Admins MUST Know!
Рет қаралды 13,165
Күн бұрынConditional Access continues to develop at a lightning pace, and it’s critical that IT Admins keep there skills up to date. In this session, Andy will take you through 7 awesome and powerful new features that will ensure your environment is even more secure than before. From reporting to Multi tenant settings, to Phishing resistant MFA and so much more. If you’re responsible for managing Microsoft Entra ID or Microsoft 365, this is a session that you must see.
For more on me visit me at www.Andymalone.org
Thanks to today’s sponsor, BlueTally. Visit www.bluetallyapp.com
Looking for more? Why not sign up to my Patreon page / andymalonemvp
Time Codes
00:00 Introductions
01:55 New Conditional Access Settings
06:49 New Multi Tenant Settings
07:35 New external / Guest User Settings
09:58 New Network Settings
12:22 New Insider Risk Management Settings
14:11 New Authentication Flows
17:41 Session Conclusions
@mikefus1 2 ай бұрын
This is fantastic. Thank you for taking the time to show us. I`m going to spend my weekends with your videos :-)
@martinschlenker6145 2 ай бұрын
Thanks Andy. Great Video
@grahamelgie9281 2 ай бұрын
Great Video cheers 🙂
@PrinceJohn84 2 ай бұрын
Hero!
@leomagallon1061 2 ай бұрын
Can you do a video showcasing MFA whenever an eligible role is activated ?
@nikkova2007 2 ай бұрын
Hey Andy this is great, thank you. I have a question: Isn't Network section in CA policy same as Named Locations IP ranges? Can we set private IP ranges in Network section?
@AndyMaloneMVP 2 ай бұрын
Not that I’m aware of
@frankmvabaza 2 ай бұрын
Hi Andy, thank you for sharing the new features. Can the token protection protect users who are not using MFA due IOT device in the store that can't work with a user who is signing in with MFA on their profiles?
@AndyMaloneMVP 2 ай бұрын
A short answer is no. Token protection only works in a limited format at the moment but is currently being rolled out by Microsoft. At the moment you can use it on the Microsoft 365 portals and apps as well as the admin portals. The idea of being that it can protect admin accounts from token replay attacks. For more information visit Microsoft learn and take a look at the various documentation. Good luck and thanks for tuning in Andy
@lifeslooker 2 ай бұрын
Device Code Flow - is this the same as when you're logged into or using Safari on one device, then continue to use it on another? Authentication Flow - logged in onto O365 on one device, then use on another with the same creds? Have I understood this right?
@AndyMaloneMVP 2 ай бұрын
You got it 😊
@gdr1174 2 ай бұрын
Thanks for the information. On a slightly separate note, does anyone know of a way admins can create a temporary sandbox tenant for exploring various features without using a production environment?
@AndyMaloneMVP 2 ай бұрын
That’s what trial accounts were for they were great. However, Microsoft are really cutting back on these and making it difficult to take trial subscriptions without the requirement of a credit card.
@JessieS 2 ай бұрын
I pay for two licenses just to test things out.
@alexandrecarreirapt 2 ай бұрын
Hi Andy, is it possible with CA to block office apps like word, excel and outlook, but keep onedrive and teams working everywhere ?
@AndyMaloneMVP 2 ай бұрын
You can select the apps option on user account properties and deselect apps that you don’t want the user to see
@moepskie 2 ай бұрын
Thanks for the informative content as always. Regarding the authentication methods: in the case for SSPR, what would be your recommendation? SSPR can be setup with either 1 or 2 factor MFA. 2-factor MFA sounds the most secure to me, but the 2nd factor for SSPR can only be a phone number (office phone or SMS) or a secondary emailadress. Both of those secondary SSPR methods are quite unsecure. So my question would be: Is it more secure to enable SSPR with just 1-factor MFA (which would be the Authenticator App), or would it be better to enable SSPR with 2-factor MFA (Authenticator App + Phone Number OR Emailaddress)?
@AndyMaloneMVP 2 ай бұрын
In my opinion, SSPR is a potential back door into your active directory. Personally, I’m not a fan of it and it encourages retaining passwords when really we want to get rid of them. Consider. Phishing resistant credentials instead instead for example pass keys.
@moepskie 2 ай бұрын
@@AndyMaloneMVP Thanks Andy, we're already working on going passwordless asap :)
@lifeslooker 2 ай бұрын
Risk related data activities - Timestamp 12:37 - what does this mean? under Insider Risk?
@AndyMaloneMVP 2 ай бұрын
For this to work, you need to set up an insider risk policy in Microsoft purview
@Bigapps1Z 2 ай бұрын
please i really want to join the class am really interested
@AndyMaloneMVP 2 ай бұрын
We’d love to have you just click on the book button and you’re all set
@Bigapps1Z 2 ай бұрын
@@AndyMaloneMVP where can i find the boook button please
@AndyMaloneMVP 2 ай бұрын
@@Bigapps1Zwww.quality-training.co.uk/book-online
Nikita Zdradovskiy
Рет қаралды 7 МЛН
John Savill's Technical Training
Рет қаралды 11 М.