Microsoft 365 and Azure AD admins! This one is for you in case you missed the Message Center announcement.
In today’s landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. It prompts users to sign in with the most secure method they have registered that is also enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
We will begin rolling out in early July (previously late June) and expect to complete by early August (previously late July).
We launched this with "Microsoft-managed" set to disabled. As mentioned above, we will be setting "Microsoft-managed" to enabled from the first week of July 2023. While we highly encourage you to adopt this feature for your entire tenant, you can, if you need to, either scope the feature to a segment of your user population or disable it. The feature will ultimately be set to Microsoft-managed (enabled) for all tenants, with no option to disable it.
Deploying this feature with the rollout controls is highly encouraged to enhance security and ensure users always use the most secure authentication method first. The feature is now available in your tenant.
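The scoping described above can be applied through the Microsoft Graph authentication methods policy. The PowerShell below is an added example, not part of the announcement; it assumes the Microsoft.Graph.Authentication module, the beta Graph endpoint, and a placeholder pilot group ID that you replace with your own.

```powershell
# Added example: read the system-preferred MFA setting, then scope it to a pilot group.
# Assumptions: Microsoft.Graph.Authentication is installed, the signed-in admin may
# edit the authentication methods policy, and $PilotGroupId is a placeholder.
$PilotGroupId = '00000000-0000-0000-0000-000000000000'   # placeholder group object ID
$Uri = 'https://graph.microsoft.com/beta/policies/authenticationMethodsPolicy'

Connect-MgGraph -Scopes 'Policy.ReadWrite.AuthenticationMethod'

function Show-SystemPreferredMfa {
    # state is 'default' (Microsoft-managed), 'enabled' or 'disabled'
    $prefs = (Invoke-MgGraphRequest -Method GET -Uri $Uri).systemCredentialPreferences
    Write-Host "State: $($prefs.state)"
    foreach ($t in $prefs.includeTargets) { Write-Host "  include: $($t.targetType) $($t.id)" }
    foreach ($t in $prefs.excludeTargets) { Write-Host "  exclude: $($t.targetType) $($t.id)" }
    return $prefs
}

# 1. Record the current configuration before changing anything.
$before = Show-SystemPreferredMfa

# 2. Refuse to run with the placeholder still in place.
if ($PilotGroupId -eq '00000000-0000-0000-0000-000000000000') {
    throw 'Set $PilotGroupId to the object ID of your pilot group first.'
}

# 3. Enable the feature for the pilot group only.
#    To cover the whole tenant instead, use id = 'all_users' as the include target.
$body = @{
    systemCredentialPreferences = @{
        state          = 'enabled'
        includeTargets = @(@{ id = $PilotGroupId; targetType = 'group' })
        excludeTargets = @()
    }
} | ConvertTo-Json -Depth 5

Invoke-MgGraphRequest -Method PATCH -Uri $Uri -Body $body -ContentType 'application/json'

# 4. Read the policy back and confirm the change took effect.
$after = Show-SystemPreferredMfa
if ($after.state -ne 'enabled') {
    Write-Warning "Expected state 'enabled' but found '$($after.state)'."
}
```

Keeping the output of step 1 gives you the values to restore if the pilot has to be rolled back.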
- Message Center (MC565271) for System-preferred MFA: https://admin.microsoft.com/Adminportal/Home?ref=MessageCenter/:/messages/MC565271
- General Availability Announcement for System-preferred MFA: https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/ga-system-preferred-multifactor-authentication/ba-p/3773138
- Docs (System-preferred MFA): https://learn.microsoft.com/en-us/azure/active-directory/authentication/concept-system-preferred-multifactor-authentication
