Implementing Multi-Factor Authentication
Configuring Application Access
Implementing Access for External users
The course is part of this learning path
This course has been designed to teach you how to manage Microsoft 365 access and authentication. The content in this course will help prepare you for the Microsoft 365 Identity and Services exam.
The topics covered within this course include:
- Managing Authentication
- Implementing Multi-Factor Authentication
- Configuring Application Access
- Implementing Access for External Users of Microsoft 365 Workloads
Who should attend this course?
- Those who are preparing for the Microsoft 365 Identity and Services exam
- Those looking to learn more about Microsoft 365
- To learn how to configure and monitor authentication
- To learn how to administer MFA and report on its utilization
- To learn how to configure application registration and use Azure AD Application Proxy
- To learn how to use Azure Active Directory B2B to add and manage external users
To get the most from this course, you should at least be familiar with the Microsoft 365 offering and have a general understanding of its features.
- [Instructor] In this demonstration, let's walk through the process of configuring self-service password reset as a means to enable users to reset their passwords or unlock their accounts. To prepare for this demonstration, I've created a test user named Joey Knish, and I've placed him in a group called PilotUsers. My Azure Tenant already has a trial version of Azure AD Premium P2 provisioned. To enable self-service password reset for Joey Knish from the Azure portal, what I need to do is browse to Azure Active Directory and then click Password reset. From the Properties page, I'm going to choose Selected under the Self-Service Password Reset Enabled option. This allows me to specify who gets SSPR. What I need to do here is specify the pilot group that I want to configure SSPR for. So I'll select my PilotUsers group and then I'll click Save. For this exercise, I'm going to require just one authentication method in the Authentication Methods page, but I'm going to make two options available to my users in my PilotUsers group. I'm going to leave the default email and mobile phone options set so I don't have to save any changes here. Now although I'm making two available, I'm only going to require one, by setting the number of methods required to one up above. Next, I'm going to click over on the Registration page, and what I'm going to do on the Registration page is require users to register when they sign in. And I'm going to set the number of days before users are asked to reconfirm their authentication information to a year, or 365 days. So we'll set the number of days here and I can click Save to save my settings. At this point I have SSPR configured for the PilotUsers group, so let's test it out using Joey Knish's account. To test with Joey Knish's account, let's open a new incognito window and browse to portal.azure.com. What I'll do here is sign in as Joey Knish. As you can see, I'm immediately prompted for some more information. So I'll go ahead register my authentication phone and ask Azure to text me. After I receive my verification code on my phone, I just have to enter it here and click verify and then finish. With my registration complete, let's open a new incognito window and browse to https://aka.ms/sspr/. This is the self service password reset URL. We'll go ahead and try and reset Joey Knish's password. What I'll do here again is login as Joey Knish. And after logging in, I'm prompted to verify my account and to reset my password. After I reset my password, Azure lets me know that I've successfully done so. Now, if I wanted to apply this same requirement to other users, I could just add them to the PilotUsers group. If I wanted to apply it to a larger set of users, I could create another group all together and apply the same settings. I could then add all of my production users to that group, just like I did for the Joey Knish pilot user. To disable self serve password reset, I just have to click back out to Azure AD and then click on Password Reset. From the properties page, I simply select none under self service password reset enabled and then save my settings. By doing this, I've now disabled SSPR.
About the Author
Tom is a 25+ year veteran of the IT industry, having worked in environments as large as 40k seats and as small as 50 seats. Throughout the course of a long an interesting career, he has built an in-depth skillset that spans numerous IT disciplines. Tom has designed and architected small, large, and global IT solutions.
In addition to the Cloud Platform and Infrastructure MCSE certification, Tom also carries several other Microsoft certifications. His ability to see things from a strategic perspective allows Tom to architect solutions that closely align with business needs.
In his spare time, Tom enjoys camping, fishing, and playing poker.