PARTNER ADVISORY UPDATE
Heads up! Microsoft has announced important changes to Microsoft-managed policies and the auto-rollout of multifactor authentication (MFA)-related Conditional Access policies in customer tenants. These policies are part of its Secure Future Initiative. Let’s take a look at what this means for our partners, what you need to know and do, and where we can help.
Understanding the latest changes
There are three significant policies being rolled out that affect Microsoft Entra ID P1 and P2 tenants, where security defaults are not already enabled.
- Multifactor authentication for admins accessing Microsoft admin portals
Admin accounts are highly susceptible to attack. Roles that Microsoft considers to be highly privileged will now require MFA when signing into Microsoft admin portals. - Multifactor authentication for per-user multifactor authentication users
Anyone with per-user MFA will now be targeted by Conditional Access, and will need to perform multifactor authentication for all cloud apps. This policy only applies to licensed users with Entra ID P1 and P2, where the security defaults policy isn’t enabled and there are less than 500 per-user MFA enabled enabled/enforced users. - Multifactor authentication and reauthentication for risky sign-ins
This policy specifically affects customer tenants with Entra ID P2. It provides for an additional layer of security that triggers only when high-risk sign-ins are detected, and will disrupt active attacks in real-time. If this policy is triggered, users will be prompted to self-remediate with MFA and reauthenticate to Entra ID.
What you should do now
- Familiarise yourself with the relevant policies
These policies are being automatically rolled out to your customer tenants. Its important to be up to date and get the relevant folks on your team up to speed. - Get in front of the automated updates
These policies should already be enabled for tenants but there is always a chance that some may have slipped the net. If so, you may prefer to retain control of the situation and timing of updates for your customers, rather than have them be subject to Microsoft’s timeline and priorities.Move quickly to identify any affected tenants, advise them of policy change requirements, and what you will implement on their behalf to rectify.Remember: there is no cost to the customer and little-to-no change to the end-user experience as a result of these policy updates.
How we can help
If you’re unsure about any aspect of this latest policy update, or need rapid air cover to take action for your tenants, get in touch with your account manager or email tag.productivity@crayon.com.
For more information about these changes, head over to the latest Microsoft blog for all the details.