Hey Andy this is great, thank you. I have a question: Isn't Network section in CA policy same as Named Locations IP ranges? Can we set private IP ranges in Network section?
Thanks for the information. On a slightly separate note, does anyone know of a way admins can create a temporary sandbox tenant for exploring various features without using a production environment?
That’s what trial accounts were for they were great. However, Microsoft are really cutting back on these and making it difficult to take trial subscriptions without the requirement of a credit card.
Hi Andy, thank you for sharing the new features. Can the token protection protect users who are not using MFA due IOT device in the store that can't work with a user who is signing in with MFA on their profiles?
A short answer is no. Token protection only works in a limited format at the moment but is currently being rolled out by Microsoft. At the moment you can use it on the Microsoft 365 portals and apps as well as the admin portals. The idea of being that it can protect admin accounts from token replay attacks. For more information visit Microsoft learn and take a look at the various documentation. Good luck and thanks for tuning in Andy
Device Code Flow - is this the same as when you're logged into or using Safari on one device, then continue to use it on another? Authentication Flow - logged in onto O365 on one device, then use on another with the same creds? Have I understood this right?
Thanks for the informative content as always. Regarding the authentication methods: in the case for SSPR, what would be your recommendation? SSPR can be setup with either 1 or 2 factor MFA. 2-factor MFA sounds the most secure to me, but the 2nd factor for SSPR can only be a phone number (office phone or SMS) or a secondary emailadress. Both of those secondary SSPR methods are quite unsecure. So my question would be: Is it more secure to enable SSPR with just 1-factor MFA (which would be the Authenticator App), or would it be better to enable SSPR with 2-factor MFA (Authenticator App + Phone Number OR Emailaddress)?
In my opinion, SSPR is a potential back door into your active directory. Personally, I’m not a fan of it and it encourages retaining passwords when really we want to get rid of them. Consider. Phishing resistant credentials instead instead for example pass keys.
