Hello Reader,

Wow, it's been way to long since I've sent a Microsoft 365 tip to you Reader. I went on vacation for a few weeks in June and have been catching up since. My family and I had a great time, nice and relaxing, and I have some new things coming soon, so keep an eye out for that! But, enough about me, onto the Microsoft 365 management tip for the month!

💡A Microsoft 365 Management Tip: Use Conditional Access for MFA!

I know, this may seem like an, "Of Course!" to some of you, some of you maybe this is new, but this is also more than just use conditional access for MFA. I wanted to give you a few scenarios of how I use it and how you might be able to secure your environment better, and why you should use it - side note, this does require Microsoft Entra Plan 1.

1. The why - I have two reasons here. First, if you are using per-user MFA (the old way) today so not everyone is required to MFA, that is going away in just over a year. That leaves you with security defaults, or conditional access as your options. Security defaults is great, but offers very little flexibility. It's on or off.
2. Scenarios and better security - Like I said, security defaults is great, but it's on or off for all your users. With conditional access, you can fine tune your MFA based on a number of factors and really customize it to your needs. For instance:
   1. Require phishing resistant MFA for certain admin roles. This way, if you have a user that's logging in as a global admin, don't allow SMS MFA (it really isn't that secure). Require those admins to log in using a FIDO2 Key.
   2. Customize your MFA based on certain applications (Microsoft or 3rd party). You don't have to target every application with the same level of MFA. Similar to administrators, maybe you have an HR app that you have setup with Entra ID. Due to the sensitive information in the HR app, you want to require passwordless MFA for that app, but for other apps you just want to configure "any" MFA.
   3. Require various levels of MFA based on Devices (Windows, macOS, Android...Entra ID joined, compliant, etc) or Locations (your office network, specific countries, etc) or, if you have E5, the risk level of users (user risk, sign-in risk, and insider risk).

Those are just a few ideas of how I've leveraged conditional access and MFA to better secure user logins for my own company as well as my clients. And that's just MFA. The number of other security measure you can put in place with conditional access can further improve your security. Like I said above, this does require Microsoft Entra Plan 1, but this feature by itself I feel is worth the cost given the number of security breaches that could be prevent with policies put in with within Conditional Access.

Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let me know!​

So back to Intelligink updates, what do we have coming!

• We continue to crank out podcasts on a bi-weekly basis. If you haven't checked it out, head over to https://msclouditpro.com. We would love to have you as a listener as well as any questions or topic ideas you may have!
• Microsoft Ignite is coming in November and we're planning to be there! Registration hasn't opened yet, but you can get on the list to be notified when it does by visiting - https://ignite.microsoft.com/en-US/home​
• Collabcon 2024 is back in Orlando this December! This is a conference I was on the board of last year, and am helping to plan and organize again this year. If you're interested in attending or speaking, check it out at https://www.collabconforall.com/​
• Microsoft 365 Community Days just happened a week ago and I was able to deliver a virtual session on "The Art of Security Microsoft 365". It hasn't been posted to their YouTube channel yet, but it should be coming in the near future. I'm also recording one other video that will be posted up there as well. You can check them out at https://www.youtube.com/@m365chicago​

🗞️ Microsoft 365 news highlights

• ​July 2024: A look at the latest Microsoft Entra key feature releases, announcements, and updates​
• ​Summer updates for SharePoint Premium including Autofill, Graph APIs, promo extensions, and more!​
• ​Microsoft Security Service Edge now generally available​
• ​Introducing the Microsoft Entra PowerShell module​

​

Thank you all, and have a great day!

Ben Stegink

Helping you become a Microsoft 365 Expert!

​