Forum Discussion
Important: Improved security in Microsoft learning offerings requires multi-factor authentic
** See updated reply in this chat from me. We will continue to update here when we have new information. Thank you.
We are making our learning offerings more secure by adding multi-factor authentication (MFA) to Microsoft 365 and Dynamics 365 tenants that we use in some of our instructor-led training (ILT) labs. We started this update on the week of March 11, 2024, and it will take a few more weeks to complete. Some users may see the change right away or in the next few weeks as we roll out the feature. This update will affect labs for some of the ILT courses you offer.
What does this mean to you?
Some of the classes your team is delivering may be impacted. Students who try to access the labs for the impacted courses will need to enable MFA. They’ll require a mobile phone in the class to set up and verify with MFA. They'll also need an app that can generate authentication codes—the suggested app is the Microsoft Mobile Phone Authenticator, which is free.
If students have issues during the lab, trainers should follow the standard support process.
What is next?
We are still assessing the effect of turning on multi-factor authentication for our learning portfolio and will share more details as we learn more.
Which ILT courses are impacted?
- AZ-040T00: Automating Administration with PowerShell
- DP-605T00: Develop dynamic reports with Microsoft Power BI
- MB-220T00: Dynamics 365 Customer Insights - Journeys
- MB-260T00: Microsoft Customer Insights - Data Specialty
- MB-800T00: Microsoft Dynamics 365 Business Central Functional Consultant
- MB-820T00: Dynamics 365 Business Central Developer
- MD-102T00: Microsoft 365 Endpoint Administrator
- MS-102T00: Microsoft 365 Administrator
- MS-4001: Build collaborative apps for Microsoft Teams
- MS-700T00: Managing Microsoft Teams
- MS-721T00: Collaboration Communications Systems Engineer
- PL-200T00: Microsoft Power Platform Functional Consultant
- PL-300T00: Microsoft Power BI Data Analyst
- PL-400T00: Microsoft Power Platform Developer
- PL-500T00: Microsoft Power Automate RPA Developer
- PL-7001: Create and Manage Canvas Apps with Power Apps
- PL-7002: Create and Manage Automated Processes by using Power Automate
- PL-7003: Create and Manage Model-Driven Apps with Power Apps and Dataverse
- PL-900T00: Microsoft Power Platform Fundamentals
- SC-200T00: Microsoft Security Operations Analyst
- SC-300T00: Microsoft Identity and Access Administrator
- SC-400T00: Administering Information Protection and Compliance in Microsoft 365
- SC-900T00: Microsoft Security, Compliance, and Identity Fundamentals
13 Replies
- debbieuttecht
Microsoft
Hi Training Services Partners,
We have updated the Frequently Asked Questions document to include more information as well as customer messaging that you can use with your customers. You can access it here: https://aka.ms/WWLMFA . We will be providing translations by next week as well.
Thank you for your partnership.
Debbie
- Jarka_Vystvavelova
Copper Contributor
Hi Debbie, the link provided to set up your Microsoft 365 sign-in for multi-factor authentication goes to a page that has the following language which seems to contradict what is being said on this thread about SMS messages that are not allowed. I think that will confuse our learners and generate a lot of questions and back and forth. Will that language be removed or is there another link we can share with students?
https://support.microsoft.com/en-us/office/set-up-your-microsoft-365-sign-in-for-multi-factor-authentication-ace1d096-61e5-449b-a875-58eb3d74de14
"If you would rather use SMS messages sent to your phone instead, select I want to set up a different method. Microsoft 365 will ask for your mobile number, then send you an SMS message containing a 6-digit code to verify your device."
- debbieuttecht
Microsoft
Dear Partners,
Thank you for your partnership in implementing this change and providing feedback. We wanted to provide further information about the reasons for the implementation of the Multi-factor authentication requirement.
Microsoft’s security and threat assessment team detected a nation-state attack on our systems. As a response to that developing situation, we have initiated multiple efforts to investigate, disrupt malicious activity, and deny threat actors any further access to our systems. As part of a significant cross company effort, we are also enhancing the security of our learning experiences and infrastructure by introducing multi-factor authentication (MFA) to Microsoft 365 and Dynamics 365 tenants that we use in some of our instructor-led training (ILT) labs. These security steps are necessary to safeguard the Microsoft environment.
More details and answers for common questions can be found in the attached FAQ PDF. We will continue to provide updates as quickly as possible.
- Annette_Gill
Copper Contributor
Couldn't you at least enable MFA but allow SMS text messages to be used instead of an authenticator app?
I agree with Mario's points. This just makes things more difficult in class for no increase in security in a training environment.
- debbieuttecht
Microsoft
Hi Annette,
No, the security measures in place require an authenticator app. SMS text messaging and phone call authentication methods are vulnerable to phishing attacks resulting in identity compromise, so they cannot be used. To improve Microsoft’s security posture, more secure authentication methods must be used.
- Annette_Gill
Copper Contributor
Thank you. But these are training tenants, so why are such draconian security levels required?
This has been very short notice. I have to teach MS-102 shortly, and currently have no device I can install an authenticator app on. I'm having to arrange for my employer to supply a suitable phone and it might not arrive in time for the course.
- PaoloSanti
Copper Contributor
I agree with what @MarioFucs said.
Paolo Santi PCSNET Roma
- Vincenzo_Pcsnet
Copper Contributor
I also agree with Mario
- Annette_Gill
Copper Contributor
What about students (and trainers) who don't have smartphones and don't have access to Microsoft Authenticator, or any other authenticator app? What are we supposed to do? Why use this level of security on a 365 tenant that's only used for a training course? It seems pointless and will just cause problems. Please, reconsider this.
- debbieuttecht
Microsoft
Yes, at the moment a phone is required to set up MFA Authentication. We are working on a solution for scenarios where learners are unable to use an authentication app, but for now learners will be required to use an MFA authentication app in order to access the labs impacted. These security steps are necessary to safeguard the Microsoft environment.
Thank you.
- I totally agree with what Mario said
- MarioFuchs
Iron Contributor
Hi Debbie,
we do not see any security improvement for training classes to use MFA. In our opinion it's just another hurdle for students in the ILT/Online Setup. We already have enough of them:
* Lab Registration
* MS Learn Account Creation
* Achievement Codes
* MTM
* Remote Access
* US Tenants
We hope that this decision will be reviewed again. We think it would be better to deliver labs with current software (posted that so many times), region specific tenants or prepopulated tenants with data.
Regards,
Mario
- LSchirok
Brass Contributor
I appreciate your post Mario as I have the same opinion.