Microsoft Introduces Authentication Strength for Conditional Access Policies



A new setting for Azure AD conditional access policies allows organizations to dictate the authentication strength of accepted connections. This is part of a Microsoft effort to move MFA-enabled Azure AD accounts away from the relatively insecure SMS-based challenges to methods that are less susceptible to attack.

1 Reply

@Tony Redmond Yes, that's really great to hear! Microsoft has listed three default types, but we can also create a "custom multi-factor authentication type" of our own based on our requirements too - You can combine any kind of multi-factor authentication of your wish and apply it to your users. It can significantly help in disabling weaker authentication methods, such as SMS and calls.


You can follow the steps as suggested and implement stronger phishing-resistant MFA to safeguard from multiple MFA attacks.