Azure AD B2C Tenant - Emergency Accounts - MFA & SSPC

DonnaSmith 141 Reputation points
2023-02-08T11:41:48.7133333+00:00

MFA & SSPR Guidance Required

  • 2 x B2C Tenants, billing: MAU - 1 x PROD, 1 x DEV
  • 1 x emergency account (local) set as Global Admin per tenant
  • 3 keyholders - different geographical locations, will run routine checks on the accounts

Turned off security defaults as can't have MFA on the EA accounts till we sort MFA approach. Can't use shared mbx so how do we implement MFA that can be accessible by the users in diff locations, i.e. not tied to a single user device? Any recommended software web based authenticator apps we can use to generate a code? I have per user multi-factor authentication in place and enabled for all other admin users.

SSPC - How do I implement self service password change for admin accounts only - looks like it requires a user flow but we don't need this for consumers. I think we could utilise policy but I don't have conditional access as we are not using P1 or P2 licenses. Would it really be necessary to use premium licenses and if so what sort of cost would this introduce? Any advice available?

Thanks

Donna


1 answer

  1. Shweta Mathur 30,256 Reputation points Microsoft Employee
    2023-02-20T05:53:28.9366667+00:00

    Hi @DonnaSmith ,

    Thanks for reaching out and apologies for the delay in response.

    You can enable MFA through a number of ways.

    Conditional Access is the recommended approach to protect users, which also provides you the option to exclude users such as Emergency Accounts to enforce MFA.

    However, conditional access requires Azure AD P1 or P2 feature to apply rules to require MFA.

    For free Azure AD tenants, you can use security defaults to protect users, but you can't control the behavior to define your own rule.

    In your case, per user Azure AD MFA can be used to enable MFA for each user individually based on the scenario.

    Password change (not reset) is available in the Free edition of Azure AD.

    If you just want to change your password, you can do it through the Office 365 portal or the My Apps portal.

    Sign in to your Office 365 portal, select your profile on the upper right side, and select View account.

    A new page will show change password, which will allow the admin to change the password.

    Also, Conditional Access is a feature that is available with Azure AD Premium P1 and P2 licenses. If you're not currently using these licenses, you would need to purchase them in order to use Conditional Access. The cost of these licenses will depend on the number of users you need to license and the specific pricing for your region. You can find more information on Azure AD pricing on the Azure website.

    Hope this will help.

    Thanks,

    Shweta

