Password Management (part 1)

To read part 2, please click here
To read part 3, please click here
Password Policies & Authentication

Microsoft 365 provides secure access by asking users to sign in with a password. As an administrator, you have to perform various tasks to manage those passwords for your organization's users, which may include changing passwords, setting password expiration, resetting passwords, and so on.

Setting Password Expiration

This policy can be changed with the help of the following steps:
  1. Select the Security & Privacy tab on the Settings menu in the Microsoft 365 admin center.
  2. Now select the Password Expiration Policy in the tab.
  3. Select "Set user passwords to expire after a number of days" and specify the number of days before passwords expire, between 14 and 730.
  4. Specify the number of days before expiration at which users are warned, between 1 and 30.
  5. Finally, save your settings.

If a user is not able to change his or her password before the expiration time has elapsed, they can either change it on the Password update page, which appears automatically the next time they sign in, or you can reset their password for them. To disable password expiration for individual users using PowerShell, use the Set-MsolUser cmdlet with the -PasswordNeverExpires parameter.
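Because -PasswordNeverExpires silently exempts an account from the tenant policy, it is worth auditing who carries that flag. The script below is an added example, not code from the original post; it assumes the MSOnline module referenced above is installed, that Connect-MsolService has been run as a user management or global admin, and that the $allowedExemptions list is a constructed placeholder for your own approved service and break-glass accounts.

```powershell
# Added example (not from the original post). Assumes the MSOnline module is
# installed and Connect-MsolService has already been run as an admin.

# Exempt a single account from password expiration, as described in the post.
Set-MsolUser -UserPrincipalName 'svc-backup@contoso.example' -PasswordNeverExpires $true

# Audit: find every account that is exempt from the tenant expiration policy.
$exempt = Get-MsolUser -All |
    Where-Object { $_.PasswordNeverExpires -eq $true } |
    Select-Object UserPrincipalName, LastPasswordChangeTimestamp, BlockCredential

$exempt | Format-Table -AutoSize

# Constructed placeholder list: accounts that are allowed to keep the exemption.
$allowedExemptions = @('svc-backup@contoso.example', 'breakglass@contoso.example')

# Put every other exempt account back under the tenant expiration policy.
foreach ($u in $exempt) {
    if ($allowedExemptions -notcontains $u.UserPrincipalName) {
        Set-MsolUser -UserPrincipalName $u.UserPrincipalName -PasswordNeverExpires $false
        Write-Host "Re-enabled password expiration for $($u.UserPrincipalName)"
    }
}
```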

Resetting User Passwords

The Active users page lets you reset the password for one or more users, either by assigning a new randomly generated password or a password of your choice. You can also choose whether the users must change their password at their next sign-in.

Resetting Admin Passwords

If you forget your own administrator password, you have the following options:

  • Ask another administrator to reset it for you: the other administrator must be a global admin, a user management admin, or a password admin. If your own account is a global admin, have another administrator with a global admin account reset it for you.

  • Reset the password yourself: use the Can't access your account? link on the Microsoft 365 sign-in page. Follow the instructions given there and you will be sent an email containing a link that allows you to reset your password.

Note: if you are resetting the password for yourself, the entire admin password reset process must be completed within 10 minutes; otherwise you have to start the process all over again.

Multi-factor Authentication

Multi-factor authentication provides secure access to data and applications by requiring two or more of the following authentication methods:

  1. Something you know (typically a password)
  2. Something you have (a trusted device that's not easily duplicated, like a smart device or a badge)
  3. Something you are (fingerprints, iris/retina scan, facial recognition) 

Require MFA

MFA provides an extra layer of security and is managed from the security center. It includes the following subset of MFA authentication capabilities:

  • Use mobile apps (online and one-time password) as a second authentication factor
  • Use a phone call as a second authentication factor

Some methods to enforce MFA are:

  • Require users to authenticate their smartphone, laptop, or other devices with MFA before registering with Intune to access your network.
  • Monitor the health of your user accounts with Azure AD, and require users to reset their password, re-register for MFA, or revoke their existing MFA sessions from their user objects whenever needed.

MFA can be enabled in the Microsoft 365 admin center with the following steps:

  1. Select Users and then Active Users in the admin center.
  2. Select multi-factor authentication in the Active Users section.
  3. On the MFA page, either select one or more users to enable MFA for them individually, or select Bulk update to enable multiple users from a CSV file.
  4. Select Enable under quick steps.
  5. Now click enable multi-factor auth in the pop-up window.

After successfully enabling users for MFA, the following options can be used as the second authentication factor:

  • Call to phone: users receive a phone call with instructions to press the pound key, after which they are signed in.

  • Text message to phone: users receive a text message containing a six-digit code that they must enter into the Microsoft 365 portal.

  • Notification through mobile app: users configure a smartphone app that receives a notification they must confirm to sign in to Microsoft 365. The app is available for Windows Phone, iPhone, and Android devices.

  • Verification code from mobile app: users configure a smartphone app and enter a six-digit code from the app into the portal.
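After enabling MFA through the admin center, an administrator usually wants to know which accounts are still password-only and which second factor each enrolled user has chosen. The script below is an added example, not code from the original post; it assumes the MSOnline module is installed, that Connect-MsolService has been run as an admin, and that the method names mapped in $methodNames are the ones MSOnline returns for the four options listed above.

```powershell
# Added example (not from the original post). Assumes the MSOnline module is
# installed and Connect-MsolService has already been run as an admin.

# Map the method names MSOnline returns to the options described in the post.
$methodNames = @{
    'TwoWayVoiceMobile'    = 'Call to phone'
    'OneWaySMS'            = 'Text message to phone'
    'PhoneAppNotification' = 'Notification through mobile app'
    'PhoneAppOTP'          = 'Verification code from mobile app'
}

$report = foreach ($u in Get-MsolUser -All) {
    # State is 'Enabled' or 'Enforced'; an empty collection means per-user MFA is off.
    $state = $u.StrongAuthenticationRequirements.State
    if (-not $state) { $state = 'Disabled' }

    # The default method is the one the user is prompted with at sign-in.
    $default = $u.StrongAuthenticationMethods | Where-Object { $_.IsDefault }
    if ($default) {
        $method = $methodNames[$default.MethodType]
        if (-not $method) { $method = $default.MethodType }   # unmapped type: show raw name
    } else {
        $method = 'none registered'
    }

    [pscustomobject]@{
        UserPrincipalName = $u.UserPrincipalName
        MfaState          = $state
        DefaultMethod     = $method
    }
}

$report | Sort-Object MfaState, UserPrincipalName | Format-Table -AutoSize

# Accounts with no MFA requirement are the ones to enable next, either in the
# admin center (Bulk update from CSV) or with Set-MsolUser.
$report | Where-Object { $_.MfaState -eq 'Disabled' } |
    Export-Csv -Path .\mfa-disabled-users.csv -NoTypeInformation
```

Users whose state is Enabled but whose default method is "none registered" have not completed MFA registration yet and will be prompted to do so at their next sign-in.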
