Microsoft Conditional Access - 7 New Features Admins MUST Know!

Conditional Access continues to develop at a lightning pace, and it’s critical that IT admins keep their skills up to date. In this session, Andy will take you through 7 awesome and powerful new features that will ensure your environment is even more secure than before. From reporting to multi-tenant settings, to phishing-resistant MFA and so much more. If you’re responsible for managing Microsoft Entra ID or Microsoft 365, this is a session that you must see.
For more on me, visit www.Andymalone.org
Thanks to today’s sponsor, BlueTally. Visit www.bluetallyapp.com
Looking for more? Why not sign up to my Patreon page / andymalonemvp
You can also attend one of my upcoming summer online classes. Visit www.quality-training.co.uk/bo...
Time Codes
00:00 Introductions
01:55 New Conditional Access Settings
06:49 New Multi Tenant Settings
07:35 New external / Guest User Settings
09:58 New Network Settings
12:22 New Insider Risk Management Settings
14:11 New Authentication Flows
17:41 Session Conclusions

Comments: 27

  • @mikefus1 (1 month ago)

    This is fantastic. Thank you for taking the time to show us. I'm going to spend my weekends with your videos :-)

  • @martinschlenker6145 (1 month ago)

    Thanks Andy. Great Video

  • @grahamelgie9281 (1 month ago)

    Great Video cheers 🙂

  • @leomagallon1061 (1 month ago)

    Can you do a video showcasing MFA whenever an eligible role is activated?

  • @PrinceJohn84 (1 month ago)

    Hero!

  • @nikkova2007 (1 month ago)

    Hey Andy, this is great, thank you. I have a question: Isn't the Network section in a CA policy the same as Named Locations IP ranges? Can we set private IP ranges in the Network section?

  • @AndyMaloneMVP (1 month ago)

    Not that I’m aware of

  • @frankmvabaza (1 month ago)

    Hi Andy, thank you for sharing the new features. Can the token protection protect users who are not using MFA due to an IoT device in the store that can't work with a user who is signing in with MFA on their profiles?

  • @AndyMaloneMVP (1 month ago)

    A short answer is no. Token protection only works in a limited format at the moment but is currently being rolled out by Microsoft. At the moment you can use it on the Microsoft 365 portals and apps as well as the admin portals. The idea being that it can protect admin accounts from token replay attacks. For more information, visit Microsoft Learn and take a look at the various documentation. Good luck and thanks for tuning in. Andy

  • @gdr1174 (1 month ago)

    Thanks for the information. On a slightly separate note, does anyone know of a way admins can create a temporary sandbox tenant for exploring various features without using a production environment?

  • @AndyMaloneMVP (1 month ago)

    That’s what trial accounts were for; they were great. However, Microsoft are really cutting back on these and making it difficult to take trial subscriptions without the requirement of a credit card.

  • @JessieS (1 month ago)

    I pay for two licenses just to test things out.

  • @SouleymaneTRAORE-ht3id (1 month ago)

    Hi Mr. Malone, I'm working on restricting access to all Microsoft apps outside of a specific network or IP address range. I have set up restrictions for SharePoint and OneDrive based on network location. Here is the source: control-access-based-on-network-location. This setup works well for SharePoint and OneDrive, but it isn't working for other apps like Teams and Outlook. By following some of your videos, I understand that I can achieve this through Conditional Access. Do you have any advice? Thank you.

  • @AndyMaloneMVP (29 days ago)

    This is currently a work in progress so you may find out low at the moment. It doesn’t work it will work.

  • @lifeslooker (1 month ago)

    Device Code Flow - is this the same as when you're logged into or using Safari on one device, then continue to use it on another? Authentication Flow - logged in onto O365 on one device, then use on another with the same creds? Have I understood this right?

  • @AndyMaloneMVP (1 month ago)

    You got it 😊

  • @moepskie (28 days ago)

    Thanks for the informative content as always. Regarding the authentication methods: in the case of SSPR, what would be your recommendation? SSPR can be set up with either 1 or 2 factor MFA. 2-factor MFA sounds the most secure to me, but the 2nd factor for SSPR can only be a phone number (office phone or SMS) or a secondary email address. Both of those secondary SSPR methods are quite unsecure. So my question would be: Is it more secure to enable SSPR with just 1-factor MFA (which would be the Authenticator App), or would it be better to enable SSPR with 2-factor MFA (Authenticator App + Phone Number OR Email address)?

  • @AndyMaloneMVP (28 days ago)

    In my opinion, SSPR is a potential back door into your Active Directory. Personally, I’m not a fan of it and it encourages retaining passwords when really we want to get rid of them. Consider phishing-resistant credentials instead, for example passkeys.

  • @moepskie (28 days ago)

    @AndyMaloneMVP Thanks Andy, we're already working on going passwordless asap :)

  • @alexandrecarreirapt (1 month ago)

    Hi Andy, is it possible with CA to block Office apps like Word, Excel and Outlook, but keep OneDrive and Teams working everywhere?

  • @AndyMaloneMVP (1 month ago)

    You can select the apps option on user account properties and deselect apps that you don’t want the user to see

  • @lifeslooker (1 month ago)

    Risk related data activities - Timestamp 12:37 - what does this mean? under Insider Risk?

  • @AndyMaloneMVP (1 month ago)

    For this to work, you need to set up an insider risk policy in Microsoft Purview

  • @Bigapps1Z (1 month ago)

    Please, I really want to join the class, I am really interested

  • @AndyMaloneMVP (1 month ago)

    We’d love to have you. Just click on the book button and you’re all set

  • @Bigapps1Z (1 month ago)

    @AndyMaloneMVP Where can I find the book button, please?

  • @AndyMaloneMVP (28 days ago)

    @Bigapps1Z www.quality-training.co.uk/book-online