Introduction
In this module, you implement and manage authentication methods in Microsoft Entra ID, including multifactor authentication (MFA), passwordless authentication, and self-service password reset (SSPR). You learn to deploy modern authentication solutions that balance security with user experience.
Scenario
You're a security engineer at Contoso Corporation, a healthcare technology company that's modernizing from on-premises Active Directory to a hybrid cloud environment. Your CISO has issued a mandate: all users must use multifactor authentication and passwordless sign-in within 90 days to meet new compliance requirements and reduce the risk of credential-based attacks.
Your help desk currently processes over 200 password reset requests weekly, costing approximately $50 per incident. Recent phishing attempts targeting employee credentials have heightened security concerns, especially as Contoso expands into AI-powered healthcare analytics using Azure AI Foundry and Microsoft Copilot for Microsoft 365.
Your task is to implement a comprehensive authentication strategy that strengthens security, improves user experience, and reduces operational overhead.
Learning objectives
In this module, you will:
- Configure and deploy multifactor authentication (MFA) for users and groups.
- Implement passwordless authentication methods including FIDO2, Windows Hello for Business, and Microsoft Authenticator.
- Configure self-service password reset (SSPR) with appropriate authentication methods.
- Design authentication policies that balance security requirements with user experience.
- Monitor authentication activity and troubleshoot common authentication issues.
- Configure authentication methods for AI-powered services and applications.
Prerequisites
- Azure administrative experience.
- Basic understanding of Microsoft Entra ID concepts.
- Familiarity with identity and access management principles.