This article is extremely vague, as many have already described. My first thought was, wait a second, we are unable to use Microsoft Entra's MFA solution because the Conditional Access is locked behind the Entra ID Premium license. Therefore, I cannot enable and target a hardware token for registration in Entra for all users or a specific group of users as a requirement. It's only optional.
Service accounts are another huge concern for me. How many tokens am I going to need from Microsoft just to run my every day? Or better yet, am I going to be spending all day pressing the token button just to complete my daily task?
I'm a little picky here, however, Microsoft recently rebranded Azure to Entra. So, are we talking Entra or Azure? Are they the same, or is there a new product in the market that I was not aware of?
Don't get me wrong, as a security person, I am all for MFA. However, it should be done right, with proper documentation. We use an on-prem hardware token for MFA. No BYOD is allowed. Our employees cannot download the Microsoft Authenticator app onto their personal phones, as that is a violation. Plus, that app would only work for one thing, Entra.