Blog series
Passwordless: But why?
Enable passwordless
Temporary Access Pass
FIDO2 Security keys
Windows 10 device onboarding and Windows Hello for Business
PowerShell administration without a password
Microsoft Authenticator app
Restrict FIDO2 key usage & conclusion

Recap
In the first two blogs of the series, I highlighted the concept and benefits of Passwordless and took the necessary configuration steps in the Entra ID (Azure AD) Tenant. Now we turn to the first piece of the puzzle towards a true passwordless sign-in.

Enable passwordless
Before things can get started and the first admin is able to work without a password, a few functions have to be enabled in Entra ID (Azure AD). Optionally, sign-ins in the browser are additionally secured by a conditional access policy.

Preface
There is currently a lot of talk and writing about passwordless authentication in the Microsoft community.
But what does it mean in everyday life to use your own account without a password? Which requirements have to be fulfilled and which restrictions come along with it?
In this blog series, I will provide you with an overview of the current state of the existing technologies and explore them step by step.
The new website for the combined security information registration, as Microsoft officially calls it, allows users to set up MFA and the necessary information for self-service password reset (SSPR).
It is also a prerequisite for setting up FIDO2 security keys and for using “user actions” in conditional access policies, and will certainly be required for any new two-factor methods.
At first glance, however, these changes do not benefit the individual user.

TIL; Today I Learned
TIL is a blog series in which I document (for me) interesting insights.
This knowledge is possibly already documented a hundred times on the Internet. But so I can find it again, I wrote it down here.
Microsoft has been preparing a fundamental change to the way sign-in logs are displayed and stored for some time. This helps in the analysis of sign-in processes, as it distinguishes, for example, whether the user signs in interactively or with a stored credential (non-interactive).
The increasingly widespread use of SaaS email service providers such as Exchange Online, G-Suite, Amazon SES, SendGrid and others is a challenge for email administrators. To prevent emails to customers from ending up in the spam filter or not being accepted at all, a proper configuration of DMARC, DKIM and SPF is mandatory.
Especially with SPF, it is easy to simply add all the ‘include’ entries of the third-party providers. However, this can also backfire if, for example, the maximum number of DNS lookups (10) or the maximum length of a TXT DNS record (255) is exceeded.