foreword
Received notice from Microsoft a few weeks ago that a secure default will be enabled for Business Global in the first few days, i.e. Force Global 2FA.
2FA, that is, two-step verification, two-factor verification, generally SMS verification code, email verification code, password device (such as Google and Microsoft)
But this thing will only disgust itself in most cases. This article describes how to close it.
Reference documents and related websites
2-Step Verification FAQ for work or school accounts
close guide
Note that personal accounts (login to the domain name live.com) can be closed directly. Work and school, that is, For Business can only be turned off by administrators
Preliminary settings
What needs to be done is to first disable the security defaults in the AZ console, you need to log in with the administrator email
- Sign in to the Azure portal as a Security Admin, Conditional Access Admin, or Global Admin.
- Browse to Azure Active Directory > Properties.
- Select Manage Security Defaults.
- Set the Enable Safe Defaults toggle to No.
- Select Save.
Then go to MS ADMIN control panel, find users -> open user details -> account (bottom) -> multi-factor authentication (manage multi-factor authentication) to see if they are all disabled. (you can try to enable and disable)
Second order settings
[If you have the following phenomenon, it is very likely that your security defaults have not been closed successfully]
Then go to https://mysignins.microsoft.com/security-info [This page must have 2FA to enter]
Delete the login method.
After logging in, it will show
Don’t lose access to your account!
To ensure that you can reset your password, we need to collect certain information in order to be able to verify your identity. We will not use this information to spam you – just to keep your account more secure. You must set at least 1 of the following options.
Authentication phone is not configured. Set it up now
Authentication email is not configured. Set it up now
But you can just “look good” and skip this setting. (But only temporarily skip 14 days)
tertiary settings
https://account.activedirectory.windowsazure.com/proofup.aspx?proofup=1
Other security verification
You will also need to respond with the registered device when logging in with a password. This will make it more difficult for hackers to log in with just a stolen password. Watch the video to learn how to protect your account
What is your preferred option? We will use this verification option by default.
How would you like to respond? Please set one or more options. to know more information
For account security, only your phone number will be used. Standard phone and text message charges will apply.
https://ift.tt/ZTumXA4
https://ift.tt/ZTumXA4
https://ift.tt/ZTumXA4
Trusted ip [this is a whitelist]
Skip multi-factor authentication for requests from federated users on my intranet
Skip multi-factor authentication for requests from the following IP address subnet ranges
Authentication options
Methods available to users:
call phone
Text message to phone
Notifications via mobile app
Captcha provided by mobile app or hardware badge
Remember multi-factor authentication on trusted devices
Allow users to remember multi-factor authentication on devices they trust (1 – 365 days)
The number of days users can trust the device
https://portal.azure.com/#view/Microsoft_AAD_IAM/FeatureSettingsBlade
Starting September 30, 2022, the combined registration experience for multi-factor authentication and SSPR will be enabled for all tenants.
Users can use the preview feature of My Apps
Users can sign up for the experience with the combined security information
Admin can access “My Staff”
This article is reprinted from https://www.blueskyxn.com/202210/6708.html
This site is for inclusion only, and the copyright belongs to the original author.