Ad? Or AAD? Remember for bonus points call it “extra id” these days. Throw in a reference to conditional access policies. If that don’t give the security guys a semi nothing will.
Absolutely bring that up. Fair to assume they are directory synced to the cloud. honestly conditional access is one of the coolest things Microsoft have done in the last 10 years!!
For inside knowledge: Microsoft apparently working on enabling more complex passwords in entra id. I’m very excited about this because it’s stupid that you have to have an on premises active directory to be able to set minimum complexity requirements.
Correct, mfa ain’t enough. Especially in sensitive settings like the courts. Government gets twitchy about data going out of the country.
You might even find dealing with the courts the mandate IS on prem.
But I’ve had clients/customers/whatever click on links and have their auth token stolen from the browser, allowed an attacker to come in totally bypassing mfa. I’ve also had customers have their phone number ported away to steal the sms auth. Shit is scary.
Ad? Or AAD? Remember for bonus points call it “extra id” these days. Throw in a reference to conditional access policies. If that don’t give the security guys a semi nothing will.
deleted by creator
Absolutely bring that up. Fair to assume they are directory synced to the cloud. honestly conditional access is one of the coolest things Microsoft have done in the last 10 years!!
For inside knowledge: Microsoft apparently working on enabling more complex passwords in entra id. I’m very excited about this because it’s stupid that you have to have an on premises active directory to be able to set minimum complexity requirements.
deleted by creator
Correct, mfa ain’t enough. Especially in sensitive settings like the courts. Government gets twitchy about data going out of the country. You might even find dealing with the courts the mandate IS on prem.
But I’ve had clients/customers/whatever click on links and have their auth token stolen from the browser, allowed an attacker to come in totally bypassing mfa. I’ve also had customers have their phone number ported away to steal the sms auth. Shit is scary.
deleted by creator
So MS are dropping SMS auth totally. MFA requires an app, or it will. Its a VERY slow rollout.