Open the Graph Explorer and sign in with a tenant administrator account.To enable number matching for the Microsoft Authenticator via the Graph, do the following. Although a GUI option exists in this case, it’s still a good example of how to use the Graph Explorer. Even if you don’t plan to ever write Graph API calls, you can still run commands through the Graph Explorer to see how queries work and what they return, and to occasionally update tenant settings. The Graph APIs underpin many parts of Microsoft 365, and some settings and data are accessible only through Graph queries.
The Graph Explorer is a tool that every Microsoft 365 tenant administrator should master to a point where they can run queries.
Updating the Authenticator Configuration with the Graph ExplorerĪlthough the easiest way is to configure the two features is to use the Azure AD admin center, you can also use the Graph Explorer to patch the Authenticator configuration. It’s likely that they will become generally available in the near future. This mechanism is already used for passwordless authentication.įigure 3: Updating authenticator settings in the Azure AD admin centerīoth features are labelled preview. Number matching means that when a user goes through an MFA challenge, they see a number that they must enter in the Authenticator app to complete the authentication process (Figure 1). Update: October 25, 2022: Microsoft has made number matching and additional context generally available. Thirty minutes of administrator work will improve user security (including the time to read the instructions). I think all Microsoft 365 tenants should consider enabling number matching and additional context as soon as possible. A November 18 blog by Microsoft VP Alex Simons, one of the TEC 2021 keynote speakers, reveals two new features for the Microsoft Authenticator app. Microsoft is doing its best to remove basic authentication for Exchange Online by October 2022, an effort which I believe will help tenants protect user accounts better, even if it comes with some pain to upgrade clients, apps, and so on.Īnother part of the puzzle is to improve the way MFA works to make it easier and more secure. Password spray attacks can steal user credentials and lead to tenant compromise. At the danger of sounding like a broken record, basic authentication is a horrible thing to use for cloud accounts. I’m a big fan of using multi-factor authentication (MFA) to protect Azure AD accounts.
0 kommentar(er)
