iPhone users are going to not like you very much because its going to break their beloved Mail app and will be forced to use Outlook on iOS, which is horrendous.Not that its insecure because its more secure than SMS messaging (SIM swapping attacks), but if the person is on their cell phone for company use with someone else and Microsoft tries to call them to authenticate the user to M365/O365, they're probably going to miss the Microsoft call and not be able to authenticate. I will agree with the Authenticator app on both platforms, but will expand. I would also suggest disabling SMS (its in the config settings) and only allowing the MS Authenticator App as that is much more secure. with enabled its still option and the user is given the choice. If you have to go the manual route I suggest setting it to enforced. This option isn't as good because you have to manually enable it for every account you create but with 20 users it is manageable. If you don't have the AAD P1 or P2 license then you need to enable it per user as Judeeden states. If you have any license that includes Azure AD P1 or P2 then you want to use Conditional access as others have stated. This is true if you don't have a Premium or higher license. Whenever someone gets a new cell phone we help them as well. Some are apprehensive about putting Authenticator on their phone so we always mention that it hardly takes any space/data and does no tracking. Then you change it to enforce in the admin console. (yes, use the authenticator app as other methods aren't as secure). Enabling prompts them to set up 2FA when they log into We help each new user with their first-time set-up as part of our new-hire intake. You have choices for Enable, Enforce, Disable.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |