Are you looking to set up enhanced security protocols for accessing sensitive internal applications in Azure AD?
Microsoft just announced a new preview feature that lets you set a pre-determined authentication strength for external logins and guest access in Microsoft Entra — the new access control and identity management platform from Microsoft that also includes Azure AD.
But what is authentication strength? And how exactly can you configure this new feature to work in Azure Active Directory? In this article, we break down everything you need to know to set up this new conditional access policy (CAP) using grant controls in Azure AD and Microsoft Entra.
This article covers:
Authentication strength is a new grant control in Azure AD conditional access that lets you specify different multi-factor authentication requirements that users must comply with to access sensitive applications. It helps you set up additional security protocols for sensitive applications and resources without compromising the user experience.
When specifying your authentication strength, you can either choose a built-in authentication strength or set up a custom one from scratch. The three built-in authentication strengths available currently are:
Each of the built-in authentication strengths has a combination of pre-defined authentication methods that the user can complete to satisfy the strength requirements. You can also create custom authentication strengths by combining different methods by yourself.
Let’s take a look at the list of common scenarios where you should use authentication strength for access management in Azure AD:
Here are the step-by-step instructions for manually setting up the new multi-factor authentication strengths within your Azure AD tenant, including choosing an authentication strength and creating a conditional access policy.
When you’re an enterprise administrator managing multiple tenants at scale, it can easily feel cumbersome and impractical to manually set and apply all these different conditional policies for every tenant by hand.
Thankfully, you can automate it all with CoreView.
CoreView Configuration Manager for Microsoft 365 covers Office 365, Azure AD, Microsoft Azure, Teams, and Intune. It lets you roll out conditional access policies across multiple tenants within your organization with a single click as well as roll back those policies should anything not work as intended.
We’re currently working on supporting the new authentication strengths introduced by Microsoft.
With CoreView Configuration Manager for Microsoft 365, you also gain access to a pandora’s box of other configuration management tools like backup and restore, baseline configuration, automated provisioning, end-to-end lifecycle management, application packaging, and more.
Interested in learning more about how CoreView can help you securely manage your complete enterprise ecosystem? Sign up for a quick demo and see for yourself!