Migrate Legacy MFA & SSPR: Authentication Methods Policy | Microsoft Entra ID

Подписаться 4,6 тыс.

Просмотров 1,5 тыс.

50% 1

How to migrate legacy MFA and SSPR policy settings to the Authentication methods policy for Microsoft Entra ID. Different types of authentication methods such as password less authentication, multi factor authentication, SMS authentication, hardware key etc.
Looking to upgrade your Legacy MFA and SSPR policies? In this video, I'll walk you through the process of migrating and updating your authentication methods policy with Microsoft Entra ID. Stay secure and up-to-date with the latest authentication methods!
Dive into the comprehensive guide on migrating legacy Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) policies to the cutting-edge Authentication Methods Policy for Microsoft Entra ID. This transition isn't just about upgrading; it's about transforming your authentication landscape to meet the demands of modern cybersecurity challenges. By adopting the Authentication Methods Policy, you can enhance user authentication processes while simultaneously bolstering data protection measures.
In this video, I provide you with step-by-step instructions and best practices to ensure a seamless migration experience. From understanding the intricacies of legacy MFA and SSPR policies to implementing the latest authentication methods offered by Microsoft Entra ID, I have covered everything.
Watch now and take the first step towards maximizing the security benefits of the Authentication Methods Policy for Microsoft Entra ID. Let's elevate your organization's security together!
▬▬▬▬▬▬ Enrol in my SharePoint Course at UDEMY 🚀 ▬▬▬▬▬▬
Course: SharePoint Online: Complete Guide to Microsoft SharePoint
Link: www.udemy.com/course/sharepoi...
▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬
0:00 Introduction
0:37 What is Legacy MFA & SSPR Policies
4:23 Legacy Multifactor Authentication Testing
5:24 Review Current Legacy Policies
6:30 Decide Combined Authentication Methods Policies for MFA & SSPR
9:00 Migrate Legacy MFA & SSPR Policies to Microsoft Entra ID
10:23 Enable Authentication Methods Policy for Microsoft Entra ID
13:09 Testing Authentication Methods Policy for Microsoft Entra ID
14:11 What's different for On-Prem MFA Server for MFA
18:39 Disable Legacy MFA Authentication Policy
19:29 Disable Legacy SSPR Authentication Policy
20:12 Completing Migration from Legacy Policies to Authentication Methods Policy
21:13 Security Question for SSPR
22:32 Summary
▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
🎥 Microsoft 365 Security for Small Businesses: • Microsoft 365 Security...
🎥 How to use SharePoint document library: Complete beginners tutorial: • How to use SharePoint ...
🎥 SharePoint Online Tutorial for Beginners • SharePoint Online Tuto...
🎥 Playlist: Learn SharePoint Online: • Learn SharePoint Online
🎥 SharePoint Online Site Permissions Tutorial: Complete Guide • SharePoint Online Site...
🎬 Movavi Video Suite To Create RU-vid Shorts or Edit Videos
www.mvvitrk.com/click?pid=276...
🔔 Subscribe for more tips just like this:
ru-vid.com?...
🚀 SOCIAL
===============================
🤝 Connect with me
Twitter: / techbytosh
Facebook: / techbytosh
Instagram: / techbytosh
Website: www.techbytosh.com
As full disclosure, I use affiliate links above. Purchasing through these links gives me a small commission to support videos on this channel -- the price to you is the same.
#techbytosh #microsoftentraid #legacyauthentication #mfa #SSPR

Наука

Опубликовано:

10 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 32

@l.r.richards1786 Месяц назад

Got it finally! Great presentation.

@TechByTosh Месяц назад

Glad it was useful

@gdr1174 22 дня назад

very well explained

@TechByTosh 21 день назад

Thank you!

@mattsnider5704 Месяц назад

Thank you. Good introduction to this migration.

@TechByTosh Месяц назад

Thank you!

@reginaldomoreno9898 Месяц назад

Thank you for your detailed video. The best.

@TechByTosh Месяц назад

Thank you!

@Dan-rs9rk 18 дней назад

ok, in new auth methods setup I only set who can use which auth methods. so far it looks clear Q: with depreciation of legacy mfa (once migration is set to "done") does it also mean that I'll loose ability to manually force mfa only for selected users and that I'll be left only with two other options - to use conditional access (with proper license bought) or security defaults? Q: if i enable security defaults after migration, will it respect new settings for avail mfa and allow users to use more methods like FIDO when enabled? thanks for video

@TechByTosh 16 дней назад

Q1. Yes, but you can use CA or security defaults Q2. Yes, you are only changing authentication methods

@shanenejad Месяц назад

Very well done, thank you. The only part that I get confused on is the self service password reset correlation with the authentication methods. Whate if you don't have or want the self service password policy enabled but you still want to migrate to the new authentication platform. I am assuming it's the same exact thing, but am I missing something here?

@TechByTosh Месяц назад

That’s correct! You can enable authentication methods and not the SSPR policy. Previously you could define seperate authentication methods for MFA and SSPR. But now one authentication method is applied to both MFA and SSPR (if enabled).

@shanenejad Месяц назад

@@TechByTosh Thank you, much appreciated.

@LV13619 22 дня назад

Thank you for the informative guide. Currently, in my organization, MFA is enabled only for specific privileged accounts, while the vast majority do not have it enabled. Additionally, SSPR is disabled (never was enabled) If I do this migration from legacy MFA to the Authentication Methods policy, will it impact users who do not currently have MFA enabled? Moreover, will this migration mandate/enforce MFA for users who currently do not use it?

@TechByTosh 22 дня назад

Two enable MFA, you will need to create CA policies unless your organisation is using security defaults (which I don’t think is the case). What you will be doing here is changing the authentication methods (legacy to modern). If you don’t create CA policies then users won’t be prompted for MFA. But as I mentioned in the tutorial, you can always apply new authentication methods to selected users for testing and then do the roll out. Hope it helps!

@LV13619 22 дня назад

@@TechByTosh i do have a CA in place targetting only the required group of accounts which should have to configure & go through MFA while accessing MS365 services. So when migrating, if i enable - MS Authenticator & SMS, as examples - and set it to All users, this migration/change shouldn't really apply to "All Users", right? but only the group which is defined in CA. Is my understanding correct?

@TechByTosh 22 дня назад

Yes correct! You are only changing the authentication methods not enforcing MFA.

@LV13619 22 дня назад

@@TechByTosh Thank you so much for this clarity

@lalithrampavan5251 Месяц назад

So I shouldn't configure Microsoft authenticator app Enabled to all?, it should be configured only for few groups right? be cause If I enable to all and service accounts might also get included and that process might impact on premise synchronization.

@lalithrampavan5251 Месяц назад

what do u say on this?

@TechByTosh Месяц назад

Ok so first of all applying authentication methods is different to conditional access policies. You can assign authentication methods to all users but who should be prompted for MFA is configured within conditional access policies and you can exclude your services account within the CA policy. Hope it helps!

@TechByTosh Месяц назад

Just replied to your previous message.

@praveendsouze 2 месяца назад

Tried with some users today (created a MFA croup), in our organization MFA is enforced to all except some Service accounts. as soon i tested myself I'm getting option to enter SMS code, where in legacy i used to get code in Microsoft Authenticator App. As of now i reverted the settings. As per your example (Chris Green) MFA was not enabled.

@TechByTosh 2 месяца назад

Please make sure you first you enable MFA (Authenticator app) and add yourself. Test MFA. You can also check what authentication methods you have added for your account from my apps or from your user account in Entra id.

@praveendsouze 2 месяца назад

@@TechByTosh one more question, If I create a MFA group and move some users to the group and finish migration (Migration Complete option). How the system treats the users which are outside the MFA group, what authentication does it follow "Legacy or the migrated one"?

@TechByTosh 2 месяца назад

Once you select Migration Complete option, legacy authentication will not be used.

@Sebastian_L. Месяц назад

As far as i understand, with your example you basically locked out everybody in the company (i.e admins) having the chris account beeing the only that could use mfa for login, correct ?

@TechByTosh Месяц назад

No - only Chris account has new MFA enabled. All other users are still using legacy MFA until you select complete migration

@Sebastian_L. Месяц назад

20:50 didnt you complete the migration there ?

@TechByTosh Месяц назад

No, its Migration in Process, completion is the next radio button, which says Migration Complete

@LV13619 22 дня назад

@TechByTosh 22 дня назад

Replied to your other comment.