Howdy folks,
Today we’re announcing that the combined security information registration is now generally available. This new experience makes it easy for users to register for Multi-Factor Authentication (MFA) and Self-Service Password Reset (SSPR) in a simple step-by-step process. Your feedback from the private and public previews has been awesome, and we’ve used it to make this experience even better for end users.
Robyn Hicock, who managed this feature, wrote a guest blog post where she dives into the details on this update. You’ll find her blog post below.
As always, we’d love to hear any feedback or suggestions you may have. Please let us know what you think in the comments below or on the Azure AD feedback forum.
Best regards,
Alex Simons (@Alex_A_Simons)
Corporate VP of Program Management
Microsoft Identity Division
------------------------------------------------
Hi everyone,
As organizations are asking employees to work from home to slow the spread of COVID-19, it’s even more important that users are registered for MFA and SSPR. We want to make it easier for remote workers to keep their accounts secure.
One of the most common pieces of feedback we received was that the registration experience needs to be super easy on mobile devices. Now, when users register while signing in on their phone, they’ll see this easy step-by-step experience:
|
We simplified the web experience too! Here’s what that looks like:
Once a user completes registration, they’ll see an overview of what they registered to confirm the information is correct and then they’re back to work!
To learn more about the enhanced security info registration experience, check out our admin documentation and user documentation.
Managing Security Info
From the Security info page, users can easily change their default authentication method or update security info such as their phone number. From here they can also add, delete, or change a method.
Here’s a quick video about how to manage your security information:
From this page users can also add a security key:
To learn more about security keys, check out our previous blog about Azure AD support for FIDO2-based passwordless sign-in.
Conditional Access for Registration
As part of this update, we’re making Conditional Access for the combined MFA and password reset registration experience generally available too! This helps ensure it’s the right user—not an attacker—registering this sensitive info. To learn more, check out our previous blog about Conditional Access for the combined MFA and SSPR registration experience.
Try It Out!
Even though MFA/SSPR Combined Registration is now generally available, we aren’t automatically switching everyone over to the new user experience. We want to give you the control over when you update your end user experiences. This gives you more time to test it out, update training materials, and notify your end users. To enable the enhanced security info registration experience, follow these steps:
- Sign into the Azure portal as a global administrator or user administrator.
- Browse to Azure Active Directory > User settings > Manage settings for access panel preview features.
- Under Users you can use the preview features for registering and managing security info – enhanced, you can choose to enable for a Selected group of users or for All users.
If you're still using the old experiences for registering for MFA and SSPR, start making plans to move to this awesome new experience. We’d love to hear your feedback and suggestions. Please let us know what you think in the comments below or on the Azure AD feedback forum.
Thanks!
Robyn Hicock (@RobynHicock)
Senior Program Manager
Microsoft Identity Security and Protection Team