What Is Azure AD Authentication Strength? New Grant Control for Azure AD

November 9, 2022

Are you looking to set up enhanced security protocols for accessing sensitive internal applications in Azure AD? 

Microsoft just announced a new preview feature that lets you set a pre-determined authentication strength for external logins and guest access in Microsoft Entra — the new access control and identity management platform from Microsoft that also includes Azure AD.

But what is authentication strength? And how exactly can you configure this new feature to work in Azure Active Directory? In this article, we break down everything you need to know to set up this new conditional access policy (CAP) using grant controls in Azure AD and Microsoft Entra. 

Azure AD Authentication Strength: Unpacking the New CAP

Authentication strength is a new grant control in Azure AD conditional access that lets you specify different multi-factor authentication requirements that users must comply with to access sensitive applications. It helps you set up additional security protocols for sensitive applications and resources without compromising the user experience.

When specifying your authentication strength, you can either choose a built-in authentication strength or set up a custom one from scratch. The three built-in authentication strengths currently available are:

  • Multifactor authentication strength
  • Passwordless MFA strength
  • Phishing-resistant MFA strength

Each built-in authentication strength is a pre-defined combination of authentication methods, any of which the user can complete to satisfy the strength requirement. You can also create custom authentication strengths by combining methods yourself.

Scenarios for Using the New Azure AD Authentication Strengths

Let’s take a look at the list of common scenarios where you should use authentication strength for access management in Azure AD:

  • When you require strong authentication methods to limit access to a sensitive resource.
  • When you want to use specific authentication methods when a user account takes a sensitive action within an enterprise application.
  • When you want to specify a combination of authentication methods for when a user signs in to sensitive applications outside the corporate network.
  • When you need to securely authenticate users who are at high risk.
  • When you must specify authentication methods for guest users requesting access to a resource tenant.

How to Set Up Azure AD Multi-Factor Authentication Strength

Here are the step-by-step instructions for manually setting up the new multi-factor authentication strengths within your Azure AD tenant, including choosing an authentication strength and creating a conditional access policy.

  • Sign in to the Azure portal as a Global Administrator, Security Administrator, or Conditional Access Administrator so that you have the required permissions.
  • Go to Azure Active Directory > Security > Authentication methods > Authentication strengths (Preview).
  • Choose one of the built-in authentication strengths to get started or create a custom one.
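Once a strength is chosen, it only protects anything if enabled conditional access policies actually require it. The following Python check is an added example, not code from this article or from Microsoft: it audits exported policies and flags those that still rely on the legacy MFA control, allow another control in place of the strength, or use a weaker built-in strength than required. It assumes the policies are dicts shaped like Microsoft Graph `conditionalAccessPolicy` objects; `audit`, `RANK` and the sample policies are constructed for illustration.

```python
# Assumption: policies are dicts shaped like Microsoft Graph conditionalAccessPolicy
# objects; built-in strengths (weakest to strongest) are matched on displayName.
RANK = {"multifactor authentication": 1, "passwordless mfa": 2, "phishing-resistant mfa": 3}

def audit(policies, required="phishing-resistant mfa"):
    """Return (policy name, finding) pairs for enabled policies below `required`."""
    findings = []
    for p in policies:
        grant = p.get("grantControls") or {}
        built_in = grant.get("builtInControls") or []
        if p.get("state") != "enabled" or "block" in built_in:
            continue  # disabled/report-only policies enforce nothing; block needs no MFA
        name = p.get("displayName", "<unnamed>")
        strength = grant.get("authenticationStrength")
        if not strength:
            why = ("legacy 'mfa' control: any registered MFA method satisfies it"
                   if "mfa" in built_in else "no authentication strength required")
        elif grant.get("operator") == "OR" and built_in:
            why = "operator OR: another control can be used instead of the strength"
        else:
            rank = RANK.get(strength.get("displayName", "").strip().lower())
            if rank is None:
                why = "custom strength: review its allowed methods manually"
            elif rank < RANK[required]:
                why = f"strength is weaker than '{required}'"
            else:
                continue  # meets the required strength
        findings.append((name, why))
    return findings

# Constructed sample policies (not from a real tenant).
SAMPLE = [
    {"displayName": "Guests - MFA", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
    {"displayName": "Admins - phishing-resistant", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": [],
                       "authenticationStrength": {"displayName": "Phishing-resistant MFA"}}},
    {"displayName": "Finance app - strength or device", "state": "enabled",
     "grantControls": {"operator": "OR", "builtInControls": ["compliantDevice"],
                       "authenticationStrength": {"displayName": "Phishing-resistant MFA"}}},
    {"displayName": "Guests - passwordless", "state": "enabled",
     "grantControls": {"operator": "AND", "builtInControls": [],
                       "authenticationStrength": {"displayName": "Passwordless MFA"}}},
    {"displayName": "Pilot - report only", "state": "enabledForReportingButNotEnforced",
     "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
]

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```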

Automatically Set and Apply Azure Active Directory Authentication Strengths With Simeon Cloud

When you’re an enterprise administrator managing multiple tenants at scale, setting and applying all these conditional access policies by hand for every tenant quickly becomes cumbersome and impractical.

Thankfully, you can automate it all with Simeon.

Simeon Cloud is an end-to-end configuration management solution for Microsoft 365 that covers Office 365, Azure AD, Microsoft Azure, Teams, and Intune. It lets you roll out conditional access policies across multiple tenants within your organization with a single click as well as roll back those policies should anything not work as intended.

We’re currently working on supporting the new authentication strengths introduced by Microsoft.

With Simeon, you also gain access to a range of other configuration management tools like backup and restore, baseline configuration, automated provisioning, end-to-end lifecycle management, application packaging, and more.

Interested in learning more about how Simeon can help you securely manage your complete enterprise ecosystem? Sign up for a quick demo and see for yourself!