Discover more from Entra.News - Your weekly dose of Microsoft Entra

Entra.News is a weekly newsletter of the latest Microsoft Entra related news, blog posts and videos from Microsoft, MVPs and infosec experts, curated by Merill Fernando. To feature your content on Entra.News tag with #entra or mail hey@entra.news

Over 6,000 subscribers

Entra.News #16: Your weekly dose of Microsoft Entra

Windows LAPS goes GA, Windows passwordless experience expands and some top notch community contributions on Verified ID and the Inbound Provisioning APIs

Merill Fernando

Oct 29, 2023

👋 Hi, Merill here with the sixteenth edition of entra.news and all the latest happenings in the world of Microsoft Entra. Enjoy!

⚡️ Microsoft

✅ Generally Available

Windows Local Administrator Password Solution with Microsoft Entra ID now Generally Available! • Sandeep Deo

🔥 Public Preview

Delegate Azure role assignment management using conditions • Stuart Kwan

📖 Read

Windows passwordless experience expands • Sayali Kale

📺 Watch

How To: Configure Entra ID SSO Plugin for Confluence (1 min) • Microsoft Security

From the community…

☀️ Read

💳 Verified ID

Express Verified ID Setup • Darren Robinson

🤴 ID Governance

Using the brand new Entra Inbound Provisioning API for Identity Lifecycle Management! • Pim Jacobs

🥷 Security

Entra ID – Comming: Auto-rollout of basic Conditional Access policies to protect your tenant – is missing in so many tenants so finally! • Michael Morten Sonne

Configure Smart Lockout in Microsoft Entra • Sudha

Microsoft Entra Identity Attack Threat Detection • Steven Lim

🏢 Security Service Edge (SSE)

Protect your tokens with Microsoft SSE Compliant Network • Samuel Eng

Getting started with Microsoft Global Secure Access • Nathan Hutchinson

🛂 External ID

5 Ways to Enhance Collaboration Between Tenants • Sean McAvinue

🤖 Automation & DevOps

How to Check Licenses Before Assignment to Entra ID Accounts • Tony Redmond

🖥️ Devices

How to Deploy Microsoft Entra LAPS with Intune Step by Step • Daniel Bradley

⚒️ Toolkit

Hunting-Queries-Detection-Rules/Azure Active Directory at main• Bert-Jan

📺 Watch

Single and multi-tenant applications in Microsoft Entra ID (1 hour) • Tech Mind Factory

Windows Local Administrator Password Solution in Microsoft Entra ID (preview) (12 mins) • RioCloudSync

Cloud Security with Microsoft 365 Developer Tenants (12 mins) • John Hammond

Windows LAPS in 9 mins: Hackers DON’T watch this! (8 mins) • Azure Academy

Setup Windows LAPS in just 5 Minutes (6 mins) • CloudManagement.Community

How to configure Cloud sync (15 mins) • MSEndpointMgr - Jungling the Cloud

👨🏽‍💻 Merill’s corner

→ HAR file security

View full post at https://www.linkedin.com/pulse/har-file-security-merill-fernando

→ Graph PowerShell - Search Tip

Find this and other Graph PowerShell samples at aka.ms/graphsamples

Screenshot showing running a command to search devices by name

→ Registration campaign

🚨 Attn M365 admins: Are your users seeing prompts to set up Microsoft Authenticator and you can't figure out what is prompting them?

You might have missed this post on Message Center with the tag 'Major Update', AND the email that was sent to admins AND the blog post that came out on this 🙂

The TLDR is that users who only rely on weak MFA methods like SMS and Voice will be prompted to set up the Microsoft Authenticator app.

It’s recommended to leave this setting on!

Learn more ⬇️

Blog: Advancing Modern Strong Authentication - Microsoft Community Hub

Message center post: https://admin.microsoft.com/AdminPortal/Home?#/MessageCenter/:/messages/MC650420

(Updated) Changes to the registration campaign feature in Microsoft Entra (previously Azure Active Directory)
MC650420 · Published Jul 20, 2023 · Last updated Sep 19, 2023
Service & monthly active users
Microsoft Entra
Relevance
Low
Tag
MAJOR UPDATEADMIN IMPACTNEW FEATUREUSER IMPACT
Message Summary
Updated September 18, 2023: Deployment will begin September 25th and will run to October 20th. These dates replace the dates mentioned in the email "We're enabling a stronger form of multifactor authentication beginning September 15, 2023" that you might have received. We apologize for the inconvenience.

Publicly switched telephone networks (PSTN) such as SMS and voice authentication are the weakest forms of MFA. To help your users move away from these less secure MFA methods we are introducing changes to the Microsoft managed state of the registration campaign (aka Nudge) feature in Microsoft Entra (previously Azure Active Directory).

When this will happen:

Starting late September 2023 and expect to complete by late October 2023.

How this affects your organization:

Users in your organization who are relying on PSTN (SMS and/or voice) for MFA will be prompted to use the Microsoft Authenticator app. Users can skip this prompt for a maximum of 3 times, after which registration of the app will be required by default. Note: admins can decide it they want to opt out of the “limited” 3 snooze configuration or give their end users the ability to snooze indefinitely.

What you can do to prepare:

We urge you to motivate your users to immediately stop using SMS and voice for MFA. You can take advantage of several new admin levers to achieve this such as system-preferred MFA and Microsoft Authenticator Lite, in addition to registration campaign. However, if some of your users require more time you can exempt them for now. Sign in as Global Administrator or Authentication Policy Administrator and go to Microsoft Entra > Ide