Microsoft has unveiled plans to take the decision on which authentication method to use out of your hands, instead offering prompts based on security levels.
Having already written about the disadvantages of using SMS and voice-based multi-factor authentication (MFA) methods, citing social engineering, mobile operator performance, technical evolution, and more, Microsoft VP Director of Identity Security, Alex Weinert, has now alluded to more secure approaches.
Weinert explained users typically opt for less secure MFA methods despite having access to better options out of convenience, technical limitations, or simply a lack of awareness.
Microsoft MFA methods
With the change, users that have registered more than one authentication method will be prompted to sign in with the most secure. Out of SMS and a Microsoft Authenticator push notification, the system will choose the latter, though users will still be able to use the non-preferred method if their circumstances require it.
An instruction page has been set up to guide system admins to set up system-preferred multi-factor authentication via the Azure Portal and via GraphAPI.
Having rolled out to come users on an automatically disabled basis already, it will now begin to roll out more widely, and automatically enabled. At some point, Microsoft will remove the option to disable system-preferred MFA altogether, though a timeline for this isn’t expected to be publicized for a few weeks.
Weinert says: “To best secure your organization and its end users, we highly encourage you to use the rollout controls and deploy this new feature as soon as you can. It’s now available in your tenant, making it easy to ensure users always use the most secure authentication method first.”
English
Arabic
Belarusian
Bengali
Bosnian
Bulgarian
Chinese (Simplified)
Croatian
Czech
Danish
Dutch
Estonian
Filipino
Finnish
French
Georgian
German
Greek
Gujarati
Hausa
Hebrew
Hindi
Hmong
Hungarian
Igbo
Indonesian
Italian
Japanese
Javanese
Kazakh
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Macedonian
Malagasy
Norwegian
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Serbian
Slovak
Slovenian
Spanish
Swedish
Thai
Turkish
Ukrainian
Vietnamese
Yoruba