MFA and Windows Hello

We recently had the opportunity to host a Microsoft Security CIE at my work. It was a good event and allowed the business to see what we can do with our current o365 environment to improve security. this had lead to a number of new projects for the year one of those being the deployment of MFA. We are in the testing phases of using it and with conditional access so far so good. The post below is a little old but has good information to follow on setting up MFA and conditional access.

https://practical365.com/security/azure-active-directory-conditional-access-enforce-multi-factor-authentication/

Now with the MFA testing, I’m pushing the limit and looking into how we move to a password-less or never changing password environment.

https://practical365.com/security/microsoft-recommending-non-expiring-passwords-to-office-365-customers/

To go with this I’m looking to test Microsoft hello with our surface devices. Microsoft hello allows you to use the camera or a pin to log into your computer. The idea is if you never change your password and you don’t have to enter it every time to unlock your computer, you can create a much longer passphrase with random words that is hard to guess but easy for you to remember. I’m just starting to read up on the setup of microsoft hello on the MS doc site

https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings

I’ll update the post as I go through our testing. Have you implemented MFA or microsoft hello, if so leave me a note in the comments below.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.