November 9, 2022
Josh Wittman
Josh Wittman, co-founder of Simeon Cloud, excels in Microsoft 365 through governance, security, and automation. An expert in SaaS, DevOps, and cybersecurity, he innovates in the digital workplace.

Are you looking to set up enhanced security protocols for accessing sensitive internal applications in Azure AD? 

Microsoft just announced a new preview feature that lets you set a pre-determined authentication strength for external logins and guest access in Microsoft Entra — the new access control and identity management platform from Microsoft that also includes Azure AD.

But what is authentication strength? And how exactly can you configure this new feature to work in Azure Active Directory? In this article, we break down everything you need to know to set up this new conditional access policy (CAP) using grant controls in Azure AD and Microsoft Entra. 

Azure AD Authentication Strength: Unpacking the New CAP

Authentication strength is a new grant control in Azure AD conditional access that lets you specify different multi-factor authentication requirements that users must comply with to access sensitive applications. It helps you set up additional security protocols for sensitive applications and resources without compromising the user experience.

When specifying your authentication strength, you can either choose a built-in authentication strength or set up a custom one from scratch. The three built-in authentication strengths available currently are:

  • Multifactor authentication strength
  • Passwordless MFA strength
  • Phishing-resistant MFA strength

Each built-in authentication strength is a pre-defined combination of authentication methods, any of which the user can complete to satisfy the strength requirement. You can also create custom authentication strengths by combining different methods yourself.

Scenarios for Using the New Azure AD Authentication Strengths

Let’s take a look at the list of common scenarios where you should use authentication strength for access management in Azure AD:

  • When you require strong authentication methods to limit access to a sensitive resource.
  • When you want to use specific authentication methods when a user account takes a sensitive action within an enterprise application.
  • When you want to specify a combination of authentication methods for when a user signs in to sensitive applications outside the corporate network.
  • When you need to securely authenticate users who are at high risk.
  • When you must specify authentication methods for guest users requesting access to a resource tenant.

How to Set Up Azure AD Authentication Strengths for Multiple Tenants

How to Set Up Azure AD Multi-Factor Authentication Strength

Here are the step-by-step instructions for manually setting up the new multi-factor authentication strengths within your Azure AD tenant, including choosing an authentication strength and creating a conditional access policy.

  • Sign in to the Azure portal. Make sure you have the appropriate permissions by signing in as a Global Administrator, Security Administrator, or Conditional Access Administrator.
  • Go to Azure Active Directory > Security > Authentication methods > Authentication strengths (Preview).
  • Choose one of the built-in authentication strengths to get started or create a custom one.
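
The same setup can be scripted through Microsoft Graph. The following is an added example, not code from the original article, Microsoft, or CoreView: it looks up the built-in phishing-resistant strength and creates a report-only conditional access policy for guest users that requires it. The application ID is a placeholder, and the display-name match and the use of the Graph v1.0 endpoint are assumptions.

```powershell
# Added example. Assumes the Microsoft.Graph.Authentication module is installed
# and the signed-in administrator can consent to the scopes below.
Connect-MgGraph -Scopes 'Policy.Read.All','Policy.ReadWrite.ConditionalAccess','Application.Read.All'

# Placeholder: replace with the application (client) ID of the sensitive app.
$SensitiveAppId = '<APPLICATION-ID-PLACEHOLDER>'

# Assumption: authentication strengths are available on the v1.0 endpoint.
$graph = 'https://graph.microsoft.com/v1.0'

# List every authentication strength (built-in and custom) in the tenant.
$strengths = (Invoke-MgGraphRequest -Method GET `
    -Uri "$graph/policies/authenticationStrengthPolicies").value

# Assumption: the built-in strength's display name starts with "Phishing-resistant".
$strength = @($strengths | Where-Object {
    $_.policyType -eq 'builtIn' -and $_.displayName -like 'Phishing-resistant*'
})
if ($strength.Count -ne 1) {
    # Stop rather than create a policy that points at the wrong strength.
    throw "Expected exactly one matching built-in strength, found $($strength.Count)."
}

$policy = @{
    displayName   = 'Guests: phishing-resistant MFA for sensitive app (report-only)'
    # Report-only: sign-ins are evaluated and logged, but nothing is blocked yet.
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @('GuestsOrExternalUsers') }
        applications   = @{ includeApplications = @($SensitiveAppId) }
    }
    grantControls = @{
        operator               = 'OR'
        # The strength is used in place of the legacy 'mfa' built-in control.
        builtInControls        = @()
        authenticationStrength = @{ id = $strength[0].id }
    }
}

$created = Invoke-MgGraphRequest -Method POST `
    -Uri "$graph/identity/conditionalAccess/policies" `
    -Body ($policy | ConvertTo-Json -Depth 10) -ContentType 'application/json'
"Created policy $($created.id) in state $($created.state)"
```

Review the report-only results in the sign-in logs before changing `state` to `enabled`.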

Automatically Set and Apply Azure Active Directory Authentication Strengths With CoreView

When you’re an enterprise administrator managing multiple tenants at scale, setting and applying all these conditional access policies to every tenant by hand quickly becomes cumbersome and impractical.

Thankfully, you can automate it all with CoreView.

CoreView Configuration Manager for Microsoft 365 covers Office 365, Azure AD, Microsoft Azure, Teams, and Intune. It lets you roll out conditional access policies across multiple tenants within your organization with a single click as well as roll back those policies should anything not work as intended.

We’re currently working on supporting the new authentication strengths introduced by Microsoft.

With CoreView Configuration Manager for Microsoft 365, you also gain access to a wide range of other configuration management tools like backup and restore, baseline configuration, automated provisioning, end-to-end lifecycle management, application packaging, and more.

Interested in learning more about how CoreView can help you securely manage your complete enterprise ecosystem? Sign up for a quick demo and see for yourself!
