Microsoft previews Conditional Access policy that forces re-authentication
Microsoft this week announced new policy options that let organizations using the Microsoft Entra Conditional Access service force users to re-authenticate.
A new policy called “Sign-in frequency – Every time” is currently in public preview release. Enabling this policy will require “interactive re-authentication for Conditional Access-protected applications or authentication contexts,” the announcement explains.
The new policy is in contrast to single sign-on, which does not require users to authenticate multiple times for each application they use. However, even if your organization uses single sign-on, you may want to prompt for re-authentication under certain conditions. For example, organizations can set up a “risk-based re-authentication policy” for suspicious sign-in behavior to reduce the risk of token theft by attackers.
Microsoft has listed several other scenarios where organizations may need to initiate re-authentication.
- Accessing high-risk resources, such as connecting to a VPN.
- Activating privileged roles in Privileged Identity Management (PIM).
- Performing sensitive actions within an application, such as changing personal information in an HR application.
- Important actions such as enrolling a device in Intune or updating credentials.
- Risky sign-ins, as mentioned above, to reduce the risk of token theft.
The new policy should not be applied to every application, because it can cause “MFA [multifactor authentication] fatigue,” which Microsoft argued only aids phishing attempts. The re-authentication prompt is most commonly triggered when the client needs to obtain a new token.
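The following is an added example, not code from the article or from Microsoft, showing how the scenario described above (a risk-based re-authentication policy scoped to specific applications, using the “Sign-in frequency – Every time” session control) can be created with the Microsoft Graph PowerShell SDK. It assumes the Microsoft.Graph module is installed, that the caller holds the Policy.ReadWrite.ConditionalAccess permission, and that the `<APP-ID-PLACEHOLDER>` and `<BREAK-GLASS-GROUP-ID>` values are replaced with real object IDs from your tenant. The policy is created in report-only mode so its effect can be reviewed in the sign-in logs before it prompts anyone.

```powershell
# Added example: create a risk-based re-authentication Conditional Access policy that uses
# the "Sign-in frequency - Every time" session control, via Microsoft Graph PowerShell.
# Assumptions (not from the article): Microsoft.Graph module installed; the caller holds
# Policy.ReadWrite.ConditionalAccess; <APP-ID-PLACEHOLDER> and <BREAK-GLASS-GROUP-ID> are
# replaced with real object IDs from your tenant.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

$policy = @{
    displayName = 'Re-authenticate every time on risky sign-in (report-only)'
    # Report-only first: the sign-in logs show what the policy would have done without enforcing it.
    state       = 'enabledForReportingButNotEnforced'
    conditions  = @{
        users        = @{
            includeUsers  = @('All')
            # Keep emergency-access (break-glass) accounts out of any policy that adds prompts.
            excludeGroups = @('<BREAK-GLASS-GROUP-ID>')
        }
        applications = @{
            # Scope to specific high-value apps; applying "every time" tenant-wide invites MFA fatigue.
            includeApplications = @('<APP-ID-PLACEHOLDER>')
        }
        # Only fire when Entra ID Protection rates the sign-in as medium or high risk.
        signInRiskLevels = @('medium', 'high')
        clientAppTypes   = @('all')
    }
    grantControls = @{
        operator        = 'OR'
        builtInControls = @('mfa')
    }
    sessionControls = @{
        signInFrequency = @{
            isEnabled          = $true
            # 'everyTime' is the Graph value behind "Sign-in frequency - Every time".
            frequencyInterval  = 'everyTime'
            # Require the first factor and MFA again, not just the second factor.
            authenticationType = 'primaryAndSecondaryAuthentication'
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Read the policy back to confirm the session control was stored as intended.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'SignInFrequency'; e = { $_.SessionControls.SignInFrequency | ConvertTo-Json -Compress } }
```

Switch `state` to `enabled` only after the report-only results in the sign-in logs show the expected population of users and applications being affected.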
In other Microsoft Entra ID news this month, Microsoft introduced a public preview of a new licensing “Utilization and Insights” portal for Entra ID Premium subscribers. The portal displays the number of P1 and P2 licenses your organization has and their capabilities. The preview specifically shows the available “Conditional Access and Risk-Based Conditional Access” features, but Microsoft plans to expand tracking to “other SKUs and corresponding features when generally available.”
Also this month, Microsoft advised organizations to track deleted objects using the Microsoft Entra Admin Center portal, audit log queries, or the Microsoft Graph API using PowerShell. The announcement explains that by tracking Microsoft Entra ID deletions, you can identify and recover “accidentally or maliciously deleted objects.” It also helps with compliance monitoring, including removing “unnecessary or obsolete objects.”
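As an added example, not code from the article or from Microsoft, the script below shows one way to carry out the deletion tracking described above with the Microsoft Graph PowerShell SDK: it lists soft-deleted users, groups and applications, pulls the directory audit events that record who deleted them, and shows the restore call for recovering an object. It assumes the Microsoft.Graph module is installed, that the caller holds Directory.Read.All and AuditLog.Read.All (plus a write permission such as User.ReadWrite.All for the restore step), and that `<DELETED-OBJECT-ID>` is replaced with a real ID from the listing.

```powershell
# Added example: enumerate recently deleted Entra ID objects and the audit events behind them
# using Microsoft Graph PowerShell. Assumptions (not from the article): Microsoft.Graph module
# installed; the caller holds Directory.Read.All and AuditLog.Read.All. The restore at the end
# needs a write permission (for example User.ReadWrite.All) and is shown commented out.
Connect-MgGraph -Scopes 'Directory.Read.All', 'AuditLog.Read.All'

$lookbackDays = 7
$since = (Get-Date).ToUniversalTime().AddDays(-$lookbackDays).ToString('yyyy-MM-ddTHH:mm:ssZ')

# 1. Soft-deleted users, groups and applications (recoverable for 30 days after deletion).
$deletedUsers  = Get-MgDirectoryDeletedItemAsUser -All -Property Id, DisplayName, UserPrincipalName, DeletedDateTime
$deletedGroups = Get-MgDirectoryDeletedItemAsGroup -All -Property Id, DisplayName, DeletedDateTime
$deletedApps   = Get-MgDirectoryDeletedItemAsApplication -All -Property Id, DisplayName, DeletedDateTime

$deleted = @(
    $deletedUsers  | ForEach-Object { [pscustomobject]@{ Type = 'user';        Id = $_.Id; Name = $_.UserPrincipalName; DeletedAt = $_.DeletedDateTime } }
    $deletedGroups | ForEach-Object { [pscustomobject]@{ Type = 'group';       Id = $_.Id; Name = $_.DisplayName;       DeletedAt = $_.DeletedDateTime } }
    $deletedApps   | ForEach-Object { [pscustomobject]@{ Type = 'application'; Id = $_.Id; Name = $_.DisplayName;       DeletedAt = $_.DeletedDateTime } }
) | Sort-Object DeletedAt -Descending

"Soft-deleted objects still within the recovery window:"
$deleted | Format-Table -AutoSize

# 2. Who deleted what: directory audit events for delete activities in the lookback window.
# Pairing each deleted object with the initiating user or app is what lets you tell an
# accidental deletion from a malicious one.
$filter = "activityDateTime ge $since and (activityDisplayName eq 'Delete user' or activityDisplayName eq 'Delete group' or activityDisplayName eq 'Delete application')"
Get-MgAuditLogDirectoryAudit -Filter $filter -All |
    Select-Object ActivityDateTime, ActivityDisplayName, Result,
        @{ n = 'Actor';  e = {
            if ($_.InitiatedBy.User.UserPrincipalName) { $_.InitiatedBy.User.UserPrincipalName }
            else { $_.InitiatedBy.App.DisplayName } } },
        @{ n = 'Target'; e = {
            $t = $_.TargetResources | Select-Object -First 1
            if ($t.UserPrincipalName) { $t.UserPrincipalName } else { $t.DisplayName } } } |
    Sort-Object ActivityDateTime -Descending |
    Format-Table -AutoSize

# 3. Recovery: restore a soft-deleted object by ID once you have confirmed which one it is.
# Restore-MgDirectoryDeletedItem -DirectoryObjectId '<DELETED-OBJECT-ID>'
```

Run the listing on a schedule and alert on deletions whose actor is not an expected admin or provisioning application; objects that fall out of the 30-day window can no longer be restored this way.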
About the author
Kurt Mackie is a senior news producer in 1105 Media’s Converge360 group.