What the Required MFA announcement really means.

23,411 views

John Savill's Technical Training

A day ago

In this video I explain what the new required MFA change for Entra really means. What it impacts and what it doesn't!
Start of a Kusto query still playing with :-) The AuthenticationDetails are often not populated because using existing token though so not very functional right now.
SigninLogs
| where UserDisplayName != ""
| where UserPrincipalName != ""
| where (AppDisplayName == "Azure Portal" or AppDisplayName == "Microsoft Azure PowerShell" or AppDisplayName == "Microsoft Azure CLI")
| where AuthenticationDetails has "SingleFactorAuthentication"
| project TimeGenerated, UserDisplayName, UserPrincipalName, AppDisplayName, AuthenticationDetails
🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there!
🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc.
▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
00:27 - Required MFA
01:41 - NOT Azure HOSTED services
02:39 - Guest MFA
03:29 - NOT for workload identities
05:22 - Workload ID Premium use
06:17 - Don't use user accounts for automation
07:08 - Special cases
08:27 - WHAT MFA?
11:16 - Enforcement
12:50 - Exceptions?
13:07 - Timeline
13:30 - Which users will be impacted?
13:54 - Summary
▬▬▬▬▬▬ K E Y L I N K S 🔗 ▬▬▬▬▬▬
► Whiteboard:
🔗 raw.githubusercontent.com/joh...
► Required MFA Announcement:
🔗 techcommunity.microsoft.com/t...
► MFA by license:
🔗 learn.microsoft.com/entra/ide...
► External authentication:
🔗 techcommunity.microsoft.com/t...
#microsoft #passkeys #johnsavillstechnicaltraining

Comments: 68
@NTFAQGuy a month ago
Hey everyone, let's look at what the required MFA update really means! Please make sure to read the description for the chapters and key information about this video and others. ⚠ P L E A S E N O T E ⚠ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰 I don't discuss future content nor take requests for future content so please don't ask 😇 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. 👂 Translate the captions to your native language via the auto-translate feature in settings! kzfaq.info/get/bejne/rJuSaJZetc2pnX0.html for a demo of using this feature. Thanks for watching! 🤙
@Adam-su4re a month ago
Clear explanation of the MFA announcement. Thanks John 👍
@NTFAQGuy a month ago
Very welcome
@MrFirsito a month ago
Congrats Microsoft, accomplished yet again making things more complicated. Edit: thanks for the video! Great way to explain a rather obscure change.
@renatojrestorque6150 a month ago
Thank you, Chief. This is a great update. 👍👍😉
@NTFAQGuy a month ago
You bet
@butztanx a month ago
Fantastic content, thanks for taking the time to do these videos. They're very much appreciated.
@NTFAQGuy a month ago
My pleasure!
@Lethal83 a month ago
Great video John. Made it very clear and easy to follow as always.
@ajayshankasringh a month ago
Easy to understand, sir, you are a Great teacher 🙏
@NTFAQGuy a month ago
So nice of you. Thanks!
@jonsmallwood1657 a month ago
Thanks John. I appreciate your breakdown of their announcement.
@NTFAQGuy a month ago
You bet
@VirtualPackets a month ago
Thanks for the clarification John, makes perfect sense in today's world. Already doing all of this :-) so not going to have much of an impact, will keep an eye out for announcement in the portal.
@twistedaus 2 days ago
Great video as usual. Microsoft have really sh*t the bed with this one....
@MarkGibson85 a month ago
Great video, thanks as always John. For the KQL, I had to change:
| where AuthenticationDetails has "SingleFactorAuthentication"
to
| where AuthenticationRequirement has "SingleFactorAuthentication"
i.e.
SigninLogs
| where UserDisplayName != ""
| where UserPrincipalName != ""
| where (AppDisplayName == "Azure Portal" or AppDisplayName == "Microsoft Azure PowerShell" or AppDisplayName == "Microsoft Azure CLI")
| where AuthenticationRequirement has "SingleFactorAuthentication"
| project TimeGenerated, UserDisplayName, UserPrincipalName, AppDisplayName, AuthenticationDetails
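Added example (not from the video description or from any commenter): a per-user roll-up of the query above, filtering on the AuthenticationRequirement column as in the comment's correction, so the output is a list of accounts to review rather than raw sign-in rows. The 30-day window, the success filter on ResultType and the grouping by UserType are assumptions added here.

```kusto
// Added example: interactive user sign-ins to the three Azure admin apps
// that were satisfied with a single factor, rolled up per account.
let lookback = 30d;                              // assumed window; match it to your log retention
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"                        // assumption: count only successful sign-ins
| where isnotempty(UserPrincipalName)
| where AppDisplayName in ("Azure Portal", "Microsoft Azure PowerShell", "Microsoft Azure CLI")
| where AuthenticationRequirement =~ "singleFactorAuthentication"
| summarize SingleFactorSignIns = count(),
            Apps = make_set(AppDisplayName),     // which of the three apps the account used
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by UserPrincipalName, UserDisplayName, UserType   // UserType separates members from guests
| order by SingleFactorSignIns desc
```

Accounts that appear only against "Microsoft Azure PowerShell" or "Microsoft Azure CLI" are worth checking for user accounts being used for automation, which the video says to replace with workload identities.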
@dgthekiller a month ago
I missed that announcement, great video! I find Entra very confusing when it comes to licensing. Especially in mixed Entra license environments. It is quite hard to stay license compliant. I also wish they would add an Entra P2 license step up from P1. Especially those for business premium users.
@AzureCloudCowboy a month ago
Awesome as always.
@NTFAQGuy a month ago
Thank you! Cheers!
@adamr4654 a month ago
Fantastic stuff John thanks for the reply in MS blog post, you have provided more clarity than Microsoft!
@jlou65535 a month ago
Clear explanation as usual!
@NTFAQGuy a month ago
Glad it was helpful!
@LifeisbetterwithaMalinois a month ago
Thxs sir John😊
@NTFAQGuy a month ago
Welcome 😊
@suneed1989 a month ago
Thank you - very well explained 👍
@NTFAQGuy a month ago
Glad it was helpful!
@tony6626 a month ago
Great video John. Only problem I see here is with our break glass accounts - only accounts excluded from MFA as it stands anyway.
@NTFAQGuy a month ago
Yep talked about those in the video.
@yulaw3289 a month ago
Enjoying this video for today's learning, thanks a lot!
@NTFAQGuy a month ago
Glad you enjoyed it!
@markdriver8511 a month ago
Great video thanks :-)
@GiovanniOrlandoi7 a month ago
Thanks for the video!
@NTFAQGuy a month ago
You're welcome!
@GavinPeters a month ago
I'm surprised to hear that the break glass FIDO recommendation is 2 years old. 6 months ago, I set up PIM with BG accounts and MS documentation definitely still had the two safes method.
@jakeindalecio a month ago
Our problem is with Entra SSPR not supporting the external preview. Moving away from the CA custom control for Duo, any verification methods set up for SSPR show up in the list with Duo meaning a user can bypass our policy to use Duo by choosing a voice call or SMS for example. Our MSFT rep is looking into it but hasn't found anything so far.
@tajammulrizvi9504 a month ago
Really useful Session.
@NTFAQGuy a month ago
Glad to hear that!
@AHumanMale a month ago
"That's wrong... don't do that." Good advice! 🙂
@lukebrennan5780 a month ago
Thanks, Mr NTFAQ. (time flies!). This should have come from the PMs. heh! Really appreciate this.
@NTFAQGuy a month ago
lol. Hey stranger :)
@jonkilner8816 a month ago
So, Microsoft are releasing a feature in July that affects authentication, you can't opt out of, with a half baked attempt at communicating the change in a blog post.....and they're still gathering feedback. I know you say it won't happen all at once. But what if my tenant is among the first batch to have the change applied. Then it's happening in just over a month and we don't know the full scope of the change. Seems to me like something's happening in the background and there's a big rush to get this change out. We've only recently had the Microsoft managed conditional access policy rollout, which had better communication and planning wrapped around it, so you could measure its impact and deploy your own version of the policy if required.
@ikennashonowo9250 a month ago
Nice
@NTFAQGuy a month ago
Thanks
@jadan2000 a month ago
Thanks for this. Currently if you turn on MFA in Azure, it also is turned on for O365, since it's the same identity management. Does that change with this new feature?
@NTFAQGuy a month ago
MFA requirement is based on the target service. Just because a user has set up MFA does not mean it's now required for everything. This only applies to those services I talk about in the video.
@GavinPeters a month ago
Hmm, I wonder how this affects resources. I need to check our Teams-room setup as we use CA to remove the MFA need. I'm not sure if they're set up as user accounts or not.
@GavinPeters a month ago
Oops, never mind, I just realised that we don't manage anything using the room logins. This does not affect our resources, as per John's teachings.
@timolean5846 a month ago
So if you create service accounts as users to avoid mfa you’ll want to switch to using service principals? Currently we just exclude them from our CA policies.
@NTFAQGuy a month ago
You shouldn't be creating user accounts for service accounts. Yes, use service principal.
@robertsprouse8903 a month ago
Guess I need to buy stock in FIDO keys. Where I work no cell phones are allowed.
@NTFAQGuy a month ago
ROFL
@Timmy-Hi5 a month ago
seems that Superman is angry today 😁or the mic is on max loudness 🤩 or MFA makes him angry 😎😁
@NTFAQGuy a month ago
ROFL, didn't notice
@Timmy-Hi5 a month ago
@NTFAQGuy 😁 all good ...I was under the impression someone stole your doughnut allowance 😁
@NTFAQGuy a month ago
I would pity that person :-D
@Timmy-Hi5 a month ago
@NTFAQGuy 😂
@skatterbrainz a month ago
"carbon-based fleshy things" - lol!
@jadan2000 a month ago
Also. If I'm using Conditional access policies for MFA and I have users in the exceptions list, will they now be required to use MFA?
@NTFAQGuy a month ago
I address this in the video. Yes, it's cumulative.
@jadan2000 a month ago
@NTFAQGuy I must have missed that part. Thank you. Wow that's a bit painful.
@DavidWorthington 19 days ago
It’s a good thing. “Who moved my cheese” shouldn’t apply here.
@ZATennisFan a month ago
It was not the most clearly written post of all time. Especially if you are not an EntraID junkie…. 🤣🤣
@NTFAQGuy a month ago
lol
@ZATennisFan a month ago
@NTFAQGuy There was a great deal of wailing and gnashing of teeth by some of my colleagues 🤣🤣
@NTFAQGuy a month ago
hahahahaha
@shawndeggans a month ago
I guess carbon-based fleshy things is better than meat-bags.
@NTFAQGuy a month ago
💯