What are the Authentication methods in Azure AD? Here’s what you need to know!!

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

foreign implementing and managing authentication these are important things in the scope of Microsoft 365 and Azure ad and in this video today we are going to continue our journey on learning azuridian M365 from the very beginning we're going to be looking at things like configuring multi-factor authentication like setting up the authentication methods within Microsoft 365 such as 502 keys passwordless and so on and so forth lots to cover here we're going to touch on conditional access as well briefly as we talk about MFA we're going to look at monitoring things like the sign in logs and sspr and password protection as well let's get stuck in right then so back to our study guide for exam ms-102 Microsoft 365 administrator we are making great progress on this exam guide if we scroll down we can see how far we've come so we've done all of the deploy and manage a Microsoft 365 tenant section we are well into implementing and managing identity and access we've done this first section with Azure ad synchronization and we are now looking at this third section here which is implementing and managing authentication we have one two three four five bullet points to get through in this section so let's see how quickly we can get us through these but not too quickly because we want to be diligent and thorough always we're going to be looking at how to implement and manage authentication methods this is going to include Windows hello for business so it's going to talk about passwordless Authentication tokens including things like Fido 2 and the Microsoft authenticator app as well we'll also look at implementing and managing self-service password reset or sspr you may remember that this is something we had the checkbox for in one of the earlier videos when we set up Azure ad connect we will look also at implementing and managing Azure ID password protection implementing and managing MFA and finally we'll take a look at how we can investigate and resolve some authentication issues within Azure ad so without any further Ado let's get started so we will start first with Windows hello for business now this is where we can replace passwords with strong two-factor Authentication and specifically things like facial recognition and other metrics of things that you are like your fingerprint scanner for example so Windows hello for business is something that you configure from within the InTune portal at intune.microsoft.com or it probably still will respond to endpoint.microsoft.com as well because the name of this admin Center has changed not too long ago now known as the Microsoft InTune admin Center and where we need to go here to get to this part is we need to go into devices and then navigate down to buy platform and into windows and click onto Windows enrollment and we can see here that there are a lot of things that we need to consider within this section of in tune for Windows enrollment now these are things uh uh for other videos going forward but for the context of this particular video we're wanting to look at Windows hello for business and we can see here that when we go in we have a flyout panel and we've got some content that is grayed out that's because the feature is not yet configured but we have to specifically enable it by these two drop downs here there are two that we can choose from and if we hover over the uh the little information icons there we can we can get some further uh crucial information about what what these settings are going to do for us so for this one configure Windows hello for business if disabled the user cannot provision Windows hello for business except on Azure active directory joined mobile phones we're provisioning may be required not configured will honor configurations that have been done on the client that configuration is done on the client that is terrible grammar anyway I'm not here to be grammar police then we have use security keys for sign in so if we hover over this one use security keys for sign in provides the capacity for remotely turning on or off Windows hello security keys for all computers within a customer's organization um so there we go that's what these two settings relate to so we shall go ahead and look at the drop down options for configuring windows allow for business and we have three options here we have not configured which is what we have now and explicitly enabled or we can even explicitly disable it so what we will do is we'll go ahead and enable it and when we do this we get some more options here now I will say that this isn't the the friendliest of user interfaces here it would be nice if you could expand this out a little maybe if we collapse the no not at all it sort of is what it is we'll have to work with this so we've enabled it and we've got this very little space here with which to work so and again we get these little information guides here about all the settings and what they mean so our first option here is do we want to use trusted platform module or TPM now what this does if you're not familiar with it TPM is uh something that provides an additional layer of data security and if set to required then only devices with an accessible TPM we'll be able to provision Windows hello for business if set to Preferred which is the option we have set at the moment then devices attempt to use a TPM but if not available will provision using software so these are the two choices we have here so depending on your situation you might want to select preferred or if you want to be stronger in your requirements then hit require we'll leave this one as preferred for for the moment now with Windows hello we have a pin as one of the options to authenticate your identity when looking into windows so we can set our minimum and maximum pin lengths here so we've got some settings that we can work towards and we can choose the the lowercase letters and uppercase letters within the PIN codes as well and special characters and on all of these let's just click some of the drop downs here we've got not allowed allowed or required so we can choose those as uh as is necessary special characters within a pin pin expiration days how long do we want to set that to to be before a pin expires and it has to be reset so if configured the user will be forced to change their pin after the set number of days the user can still proactively change their pin before expiration occurs though we have this option here to remember pin history and if set to remember then the user will not be able to reuse then this number of previous pins so we can set that option there to be a specific number depending on your preferences do we want to allow biometric authentication so if allowed Windows hello for business can authenticate using gestures such as face and fingerprint but users must still configure a pin in case of failure now this to me is the whole point of enabling Windows hello for business I think um taking advantage of things like Biometrics facial recognition fingerprint recognition is is one of the key features of enabling Windows hello for business but it's important to remember that it's not that that it's all about it is capable and and indeed must still have a pin configured in case of failure so important to remember we then have a setting here to use enhanced anti-spoofing when available not configured yes or no so anything to do with anti-spoofing I always as a security and compliance professional I always think it's absolutely crucial and if yes then devices will use enhanced anti-spoofing when available if no anti-spoofing will be blocked not configurable on a configurations done on the client I really don't like that grammar but that's by the way spoofing relates to email for the most part and an example of that is when you get an email in your inbox and it appears to come from yourself but you know that it hasn't so spoofing is when somebody is able to use your email address um for for various purposes there are occasions where spoofing is actually intended an example of that could be for example sending a an email from a multi-function device so when you're scanning something in and then it's sent to the user's inbox than that that will be an example of of safe spoofing if you like but there we go uh where were we up to the spoofing we've got two more settings in here we've got allow phone signing if allowed users within Azure active directory joined desktops may use a portable registered device as a companion for desktop authentication so the companion device must be configured with a Windows hello business pin so we can sell that to yes or no as needed and then finally use security keys for um sign in now this is one of the two initial drop down options that was enabled that was available sorry um before we enabled Windows hello itself so we already read this one out earlier uh I'd wrote this as a reminder this is use security keys for signing provides the capacity for remotely turning on or off Windows hello security keys for all computers in an organization so we can configure that to be not configured enabled or disabled okay so we'll enable that one and then when you're happy with your settings you can go ahead and click on to save fantastic now I don't really have a Windows client device to effectively demonstrate this experience just at the moment I may come back to this and do this in a in another video to try and demonstrate that experience but I think from the examination point of view and from a learning point of view an administrative point of view it's this is the good stuff this is what you want to be learning what you need to be learning from an admin's point of view how to configure Windows hello for business in the InTune admin Center okay that's one down so that is all the time that we're going to be spending and the InTune admin Center for the rest of this video we are going to spend majority of our time over in the intra admin Center at enter.microsoft.com now you can also get to this from the Azure portal at portal.azure.com and uh then going to active directory you can get to the this same area that we're going to look at here for authentication methods and policies so what I'm trying to do going forward though is that enter is really the go-to admin Center for all things identity and authentication these days it's where Microsoft want you to work so I'm trying to honor that I'm trying to eat my own dog food as the phrase goes the only thing I don't like about the intro admin Center is the inability thus far to no I'm wrong you can oh that's way better you know I don't know how long that's been there um I feel pretty silly if it's been there all along but on other Microsoft portals the collapse the the side panel the side menu tends to be near the top so I'm feeling a little foolish now but for realism I will leave this in the video so you can all have a good chuckle at me but anyhow um what we need to look at here I'm just going back to our study guide very briefly we've looked at Windows hello for business we need to look at how we Implement and manage things like passwordless tokens and the Microsoft authenticator app uh so if we go back to here uh let's just show you how I got there in actual fact or from enter.microsoft.com we navigate down to if it's not expanded just Azure active directory and you might have to just expand the whole thing when you first open it and into protect and secure and Authentication methods and there we are fantastic this is where we want to be let's collapse that side panel because that is going to make me very happy but here we can see some of the authentication methods that are available to us to enable so let's have a look through them um we're in the policy section and we've got some information here to tell us what this section is all about use this policy to configure the authentication methods that you may register and use if a user is in scope for a method they may use it to authenticate and for password reset and some methods are not supported for certain scenarios so click on the learn more for that learn.microsoft.com learn share and repeat if your tenant doesn't yet use combined security info registration turn it on now it's required to use this policy now combine security info registration refers to the registration process for multi-factor authentication and self-service password reset more historically Microsoft 365 tenants had separate registration areas for these two security principles but the combined registration experience is designed to save users time so they're registering for both of these things in one experience this has been available for a quite a few years now but it has more recently become the default experience but if you have an older Talent where you've never explicitly enabled this then just watch out for this and go on see how you turn that on and enable it we've got some information here which is very important as well is that on September the 30th of 2024 so we've got some time yet but it'll come up quicker than we realize but the Legacy multi-factor Authentication and self-service password reset policies are going to be deprecated and you're going to need to manage all authentication methods right here in the authentication methods policy so you need to use this control to manage your migration from Legacy policies to the new unified policy again you can learn more and you can click on manage migration to do that but I've gone off on a little tangent there but it's important to know but we want to look at these authentication methods that we have available to us now we have things like um well specifically in the on the learning guide the study guide it talked about Microsoft authenticator it talked about um third-party software and oauth tokens and that relates to fighter security Keys as well really but there are other methods here available to you and by default these are all disabled I've explicitly enabled two of these in my tenant already as you can see and they are targeted to all users let's take a look at each in turn we'll go through the list in order Fido security key or more precisely a 502 security key now I've actually done a demonstration of setting up a 502 security key previously very recently in fact on um on one of my other channels which I am fortunate to be a part of which is cloud conversations which I co-host with uh four other wonderful Microsoft MVPs I'm going to link in this video you should see it at the top of your screen just about now to that video where you can see me setting up an actual 502 security key so do take a look at that and hopefully you'll find that useful but to enable that let's go in and we've got some two men sections two men tops in each of these authentication methodologies we've got enable and Target so we've got to slide them in to enable it and once you've enabled you'll be able to explicitly include or exclude uh specific users and groups so you can Target all users um or you can select a specific groups who you want to Target those two so I've enabled 502 security key settings for all users that's great that's fine I could have done that by groups as well then if we click on configure we can see some of the settings that we are able to specify for this method under General do we want to allow self-service setup yes or no enforce attestation yes or no again key restriction policy do we want to enforce any restrictions there restrict specific Keys uh do we want to add a guide there and an a a good or not so I'm not going to change anything up here but if you if you wanted to do that add a guide there you'd have to enforce the key restrictions and then at least one a gewyd must be provided to enforce those key restrictions so if you clicked on allow there and that unlocks that gray out you could then go in and undo the necessary so that is fine as it is so I'll discard those changes that I've made there and I'll go back into authentication methods but do check out that video on 502 security Keys the ones the one that I set up foreign key which I found to be very effective indeed Works beautifully well and it's basically it's a bit like a USB stick which you insert into your laptop and when you're logging into Microsoft 365 it will prompt you to insert the key and then touch the key to authenticate so it's requiring a physical response rather than something you know it's something you have okay next the Microsoft authenticator app and this ties into passwordless as well so if you want to set up the passwordless number matching feature you would do it in here under Microsoft authenticator so if we take a look in there that one's enabled as well again I've just enabled this to to all users and then we can um specifically choose the authentication methods the authentication modes more precisely that you want to uh to enforce here so I've selected any but you could just as easily set that to be passwordless or or to push notification now in the modern world of security threats cyber security being what it is right now I would probably recommend going for past wordless um I'll not change this one right now because um I'm happy with that one the way it is just at the moment but um with that the way you want it to be with the included uh users and groups or excluded important as well uh you can now configure your settings for the Microsoft authenticator app and as it says here if you don't know what this is this is an app that you can get on Android and iOS so you can download those free from those respective app stores uh it's a flagship authentication method usable in password or simple push notification approval modes and there we go free to download you can get more information from the learn more uh okay so note users must be included as part of the Microsoft authenticator targeted groups in the enable and Target tab that's yeah there we go I've already done that do we want to allow the use of the Microsoft authenticator one-time password yes or no then we've got some settings here require number matching for push notifications so if the feature is if the feature status is set to Microsoft managed then it will be enabled by Microsoft at an appropriate time after the preview so this is obviously a preview uh feature at the moment and what we're seeing here is that number matching will begin to be enabled for all users of the Microsoft authenticator app starting on the 8th of May 2023 so that's good information there that tells us about the end of that preview so you can go with the Microsoft managed and it'll remind you here that a little enable at one Microsoft are ready for that or you can just enable it you can explicitly enable it if you have uh the confidence that you're ready to do that um so we'll go for Microsoft managing this in this example and you can again include or exclude Target the users and groups that you want then we have the option to show application name in push and passwordless notifications so if you use the authenticator app before and you've used it to be your secondary means of authentication when trying to authenticate the Microsoft 365 you may have seen various differences in what's included on the authentication sometimes you will see an application name this application once accessed do you want to authenticate you want to allow this so we can enable that there a similar thing here geographic location in those notifications you'll sometimes see a map and say this user has tried to log in in this location so these are things that you can enable or disable as needed so lots of good stuff there and then finally at the bottom there Microsoft authenticator on companion applications um we can learn more about that one there but same principle you can set the Microsoft managed enabled or disabled so that's really how easy it is to configure the authentication methods for for two methods already there I'll just discard those for the moment because I don't really want to change those um so really in the in the new world and that we're living in at the moment I would probably say these are the two go-to methods that I would be happy with for an organization I'd be less happy with things like SMS message as a means of authentication um with one-time passwords although I do have that enabled but the the top two would be my go-to but you can configure these ones here as well various of the third-party software or auth tokens for example but that tells you a bit about um the authentication methods in in this first this first bullet point here so excellent Okay so we've got a a few more to go through and we'll get to those next okay next we're going to look at password protection which is in the same location in the Microsoft enter admin Center and the authentication methods and we were in policies in the previous section which we will now move down to the next one password protection and let's just collapse that little sidebar again and see what options we have on here this is a very very straightforward thing to configure nice and simple and very effective for um protecting passwords so a few settings in here that we need to uh to be mindful of when configuring password protection and we start with the custom Smart lockout so what is the lockout threshold how many failed sign-ins are allowed on an account before its first lockout if the first sign-in after lockout also fails and the account will lock out once again so you have to um measure the level of risk that is right for the organization in in question what is their appetite for risk what is their posture um I would probably say as somebody who was very risk-averse that 10 is probably too much I would maybe use take that down to no more than five and then we have the next one down which is the lockout duration in seconds the minimum length and seconds of each lock out if an account locks out repeatedly this duration increases so I think 60 is certainly a good starting point then next we have a custom band password this is off by default but we can set this to yes and to enforce a custom list what this does is that when enabled the words in the list are used in the band password system to prevent easy to guess passwords so if we go on to the next one down so a list of words one per line to prevent your users from using in their passwords you you should include words specific to the organization such as their products the trademarks Industries local cities and towns local sports teams the list can contain up to a thousand words these are case insensitive and common character substitutions are automatically considered to put your band password list in here now next we have password protection for Windows Server active directory as well so if you are working in a hybrid environment if you have your on-premises active directory synchronized to Azure ID then enable this here as well so enable password protection number server active directory and I've set to yes that password protection is turned on for active directory domain controllers when the appropriate agent is installed so you're going to need to install an agent there in order to configure that and this lovely learn more button will take you to the relevant documentation on on how to achieve that so all of these links if I've shared any of them and more will be included in the description on this video finally we have the mode options here and the choices are audit which is the default or enforced now if set to enforce then users will be prevented from setting banned passwords and the attempt will be logged if set to audit however the attempt is only going to be logged so you can view in the audit logs on Microsoft 365 but the actual password protection will not be enforced so there we go nice and simple and I highly recommend that that is put into into place without a doubt now um the one thing that um I always mention when it relates to passwords is that Microsoft for a long time now have recommended quite rightly that you don't require password changes that the enforcing password resets on a regular basis is disabled so that's also something to remember uh with passwords because the more modern authentication methodologies that we have in place that multi-factor authentication and the authentication methods that we've been through in this video they are the the way to go in protecting your users and their authentication processes okay next let's take a look at the self-service password reset or sspr so we expand the side panel again and under Azure active directory if we go back into the protect and secure section where we are currently residing with authentication methods then one down we have password reset now I've obviously uh got some unsaved edits there but I'm happy with that I will just okay that and we will go into sspr and let's collapse that side panel again I'm loving that okay here we go um password reset properties so what we have here is the ability first and foremost to enable self-service password reset at the top here we have three settings non-selected and all and this designates as the information icon shows where the users in this directory can we set their own password choose selected to restrict password reset to a limited group of users and if you're rolling out this feature for the first time then I would highly recommend doing exactly that to test that in a pilot group as you are rolling out the feature another thing to remember is it in an earlier video we enable this feature in setting up Azure ND connect you have to enable that first in order for this to well not necessarily first but it has to be enabled as part of this so just have that in mind okay so what we can do now is by default it's set to none if you select all and it's going to apply to all users or you can get granular here and select groups of people to be targeted for uh self sspr self-service password reset I couldn't remember what it stood for there there you go how long have I been using this product um so it would select a group there but just for the argument of demonstration I'll just set that to all for just now and once you're happy with this setting here you can save it uh and and then move on to the next uh section so um it is important to point out that any privileged administrators such as Global administrators are set up for um the ability to reset their own passwords in any case okay next one down authentication methods now um authentication methods are things that are used in order to reset the password so if you want to reset a password then you have to complete a number of responses and here is where you can set the number of methods required to reset and this area here defines the number of alternative methods of identification a user in the directory must have in order to reset their password that says it a lot better than I did okay so number of methods you can have one or uh two so if we select two then we can choose um whether they are going to have to respond to a mobile app notification a mobile app code uh an email a mobile phone challenge an office phone challenge so I had an actual desk phone that will ring or some security questions and you can toggle these on and off as needed and uh security questions if you enable that one you can set the number of security questions that you want to to register um and and so on and so forth so it's fairly simple to set up I usually like to have this um even though I have it checked for this and this demo tenant it must have been from a previous uh demo that I was doing but I would tend to have a mobile app code certainly mobile app notification I'm I'm never so keen on the notifications I I think having to input Accord is is very good but again this is all going to um come down to the to the level of uh of risk that you uh your organization uh has a posture for shall we say so um have a thing about that when talking to your customers top or I'll setting this up for an organization so there we go so I'm just gonna discard that because I'm I'm happy that that's effective enough to to demonstrate this uh registration for SSP are so um what we have here is uh require users to register when signing in so this is really going to enforce the uh the the process so when they sign in if this is set to Yes um unregistered users are going to be prompted to register their own authentication information if set to know then administrators must manually specify the necessary password reset authentication information in the properties for each user in the directory or instruct users to go to the registration portal URL directly there is a URL that you can supply to users and they can click on that on demand and they can go and reset their password from there so um this is this is a good thing to have especially if you want to get this rolled out and you want to enforce users to sign up for it then we have a setting here for the number of days before users are asked to reconfirm their authentication information this designates how long before users are prompted to reconfirm existing authentication information is still valid up to a maximum of 730 days so you can choose this based on your with organizational risk of posture once again we have some notification settings here as well which can be applied you can choose to notify the users on password reset so this will determine whether or not users receive an email to their primary and alternate email address which they will have to provide which will notify them when their own password has been reset via the self-service password reset portal similarly admins notify all admins when other admins have reset their password and this determines whether or not all Global administrators receive an email to their primary email address when other administrators reset their own passwords via the self-service password reset portal we have some customization settings here we can put in a customized help desk link yes or no and this designates whether or not the contact your administrator link that normally allows users to contact a service administrator directly is overwritten to point to a custom location that you can enter here as required there is the option for on-premises integration as well and we don't have any agents that are capable of Performing password right back at the moment so we would need to install a sync agent and set up a sync engine before installing password right back or enabling password right back this is um what we're seeing here due to the fact that I'm on a 10 that is not synchronized to an on-premises ad but if if you were on such a tenant then you would see that we have administrator policy as well so we can see here uh just a a reminder an overview really of is sspr enabled the number of methods required the methods available to administrators we can look at activity in the audit logs as well so we can see in audit logs here um any entries for when password resets had taken place and we have usage and insights as well where we can see things like users registered for MFA registered for sspr and so on and so forth and we can send a support request from here as well okay so last couple of sections in Implement and manage authentication let's take a look at multi-factor authentication or MFA and then we'll finish off with investigating and resolving authentication issues so MFA first let's uh get ourselves back into the um enter portal and MFA is an interesting one because there are two or three different ways that you can get to it um what I will actually do before we get to that actually is I'll just open another tab and we'll just go to the Microsoft 365 admin Center and users active users multi-factor authentication there Okay so here we can see that configuring multi-factor authentication can be done from this uh this area and this has already been done on this particular tenant and it's managed by conditional access so so what you can do is we can go right into conditional access now there is a legacy MFA portal which should be disappearing very very soon and that was the per user MFA portal which I think we touched on slightly in an earlier video in the series actually so so really we shouldn't be setting up MFA on a per user basis going forward there are there are really three ways of getting that done uh security defaults now which comes with a brand new tenant implemented uh uh if not then we should be using conditional access to implement MFA or we can do it through Azure ID identity protection as well so from here we we can see that we've already configured it with conditional access we can click on there to manage policies and it will take us right into the intra portal and we can see the uh the policies that we have in place so let's just uh give us a bit more screen space again with that lovely new feature that I've discovered while sharing this content with you and we can see in conditional access here we've got some MFA related policies require MFA for admins require MFA for external and guest users when we've got some settings here as well for block or Legacy signings that don't support MFA we've got require MFA and a password change when high risk users are detected and require MFA when risky sign-ins are detected we'll come back to these ones at the bottom is Doom because their tie into Azure ad identity protection which we're going to get to in the next video in the series or one coming up very soon but let's just go ahead and take a look at what this looks like within conditional access so require MFA for admins if you do nothing else then you absolutely have to have this and what you do is go into user assignments and as this was created from the manage section within the um M365 admin portal it's gone ahead and it's selected specific directory roles the common ones like Global admin user admin exchange admin and you can select different ones if you want to and what it's important to do though is to explicitly exclude your break glass account also sometimes known as your emergency access account these are accounts that you should only use in an absolute emergency hence the name of them break glass and emergency access and they are there because conditional access is a very powerful animal and we'll get more into conditional access in in further videos for sure but this is specifically in relation to MFA but always exclude your break class account from the process uh Cloud apps or actions it's selected to all Cloud apps here we've got no particular conditions here we'll see some conditions in those identity protection ones which and we'll get to in one of the upcoming videos and then we get to the controls access controls now what we're going to do here is we're going to Grant access but require multi-factor authentication and it's giving us a little bit of a guide here consider testing the new require authentication strength public preview and we can get a learn more here as well so require authentication strength if we check on to onto that one which um users must use specific authentication methods based on the Authentication strength policies applied so I'll include some links to that in in the chat so we but we can't have that selected there if we've got require MFA selected so we can only select that if we unselect it multi-factor authentication so to show you a little bit more about that so require authentication strength we've got some options there multi-factor authentication combinations of methods that um I don't know why that's not displaying um too effectively but if we select that one as it's uh that's very unfriendly um combinations of methods passwordless MFA fishing resistant MFA the screen real estate on here is not so great but these are other methods of um authentication strength and that's a fairly recent addition to the options in conditional access for setting MFA so really in short you should be setting up a MFA in in one of those three ways definitely not per user MFA anymore because that experiences being deprecated so don't use that from the admin Center you use the method that we saw here to get us to enter by managing it and setting up conditional access policies or use Azure ID identity protection in conjunction with conditional access which we'll go into in more detail in the next video as I said so uh that hopefully gives you an idea of MFA um nice and simple and the the experience of MFA I'm I'm hope hoping and sure very sure of the fact that you will be very familiar with the experience of logging in using MFA to the M365 portal you've seen it enough in the videos that I've shared so far where you put your username and password in and then you get challenged for a second form of authentication be that the authenticator or Apple Fido token or whatever else so lots of documentation about MFA will be included in the description for this video but that is it from a conditional access point of view watch out for identity protection in there in the next video and you can see earlier on in this video series how we applied it using how it was applied shall we say it by using security defaults okay final step on our journey here is to just have a look at some of the monitoring capabilities uh to to troubleshoot things within within Azure ad and I've got this open in the um in the Azure portal but similarly you can get there via the the intra portal as well just demonstrating I have the same result can be achieved by those different portals so um here we go um in enter that's under monitoring and health and we can see everything like sign in logs for example this is going to give us sign in events so when people have signed in the date the request ID the user the application so it's what portal it is whether it was successful interrupted or whatever else and you can click on these and get lots of good detail on the fly out panel basic info location device info authentication details conditional access if it was in reporting only mode for conditional access as well auditing logs again you can get some logs here to to show um activity for what's been going on in relation to Azure ID with an intra we can look at things like diagnostic settings as well and provisioning logs but for that if we click under these you're going to need an Azure subscription to use that capability so I take a look in the in the documents that I've referenced in the description to learn more about that but because we're not going to go into that level of depth and indeed you probably don't need that level of depth more than a general awareness in relation to if you're taking the exam for example so uh with that I think we have been through all of this section here Implement and manage authentication uh some of it at a higher level than others we've not really had the opportunity to investigate or resolve but I've pointed you in the right direction of where to look and you get more information on those links in the description so there we go and that's it for another video folks absolutely brilliant in the next video we are going to close out the identity and access section of the ms102 exam study guide and we're going to be focusing on Azure ID identity protection we're going to get deeper into conditional access as well so you'll know in this video we didn't really do a lot with conditional access we're going to look a lot more into those topics in the next video which will tie up our identity and access portion of the exam guide and then we're really moving on to some great stuff after that with uh Defender for Office 365 and endpoint and then rounding things off in this series with a bit of Microsoft purview so hope you've enjoyed it thanks for your time as always please do subscribe to the channel I really appreciate it when you do that please like please share please uh leave me some comments let me know what your experience has been with implementing the Technologies either live or in test that we've been discussing on this video series I'd love to hear your thoughts thank you so much we'll see you on the next video take care bye-bye foreign foreign

Info

Channel: Peter Rising MVP

Views: 1,967

Rating: undefined out of 5

Keywords: Microsoft 365, M365, Azure AD, Azure Active Directory, Authentication, Passwordless, Password, Azure, Microsoft

Id: AQ7Kt8i8ta0

Channel Id: undefined

Length: 52min 21sec (3141 seconds)

Published: Tue Apr 18 2023