Summary
This module focused on configuring secure password policies, which is one of the most important responsibilities for a Microsoft 365 Administrator. Organizations must ensure that access to their company data on Microsoft 365 is always secure. They must also protect the data from unauthorized access.
You learned that Microsoft 365 password policies include various password management features. Password policies require users to complete actions that increase password protection. These actions can include:
- Changing passwords at specified intervals
- Creating complex passwords
- Resetting their own passwords
- Signing in with multifactor authentication
This module also examined how pass-through authentication (PTA) simplifies user authentication for organizations with a hybrid Microsoft 365 deployment. Until recently, deployment and management of the locally deployed AD FS infrastructure was often too demanding and too complex for some organizations. For example, with AD FS federated authentication, organizations must establish a federation trust relationship between on-premises Active Directory and Microsoft 365 and Microsoft Entra ID. A federated trust requires managing and maintaining certificates, federation metadata, and trust configurations. In contrast, PTA eliminates the need for a federation trust, simplifying the setup and reducing the administrative overhead. You learned that PTA also provides several other features that simplify authentication, such as reduced complexity and administration, simplified deployment, and support for password hash synchronization.
This module also examined how multifactor authentication in Microsoft 365 helps increase security. Multifactor authentication requires users to provide a user name and a password while signing in along with a second authentication method. The second authentication method might be acknowledging a phone call, text message, or an app notification on their smartphone. Once the system verifies a user's user name, password, and second authentication method, the user can sign in to Microsoft 365. You also learned that you can enable users who authenticate from a federated, on-premises directory for multifactor authentication.
You also learned about two other password management features: self-service password reset (SSPR) and smart lockout. SSPR enables users to reset their own password without requiring intervention by an administrator. Smart lockout locks out bad actors who are trying to guess users' passwords or use brute-force methods to gain access. It can recognize sign-ins coming from valid users and treat them differently from sign-ins coming from attackers and other unknown sources. Smart lockout locks out the attackers, while letting your users continue to access their accounts and be productive.
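The following simplified model of the smart lockout behavior described above is an added example, not Microsoft's implementation and not part of the original module. The threshold of 10 failures, the 60-second lockout, the separate counters for familiar and unfamiliar locations, and the memory of the last three bad password hashes are assumptions based on the documented Microsoft Entra defaults; all class and function names are hypothetical.

```python
from collections import deque

# Assumed settings for this model; check your tenant's actual values.
LOCKOUT_THRESHOLD = 10        # failed attempts before lockout
LOCKOUT_SECONDS = 60          # lockout duration
REMEMBERED_BAD_PASSWORDS = 3  # recent bad password hashes that are not re-counted


class SmartLockoutModel:
    """Per-account model with separate counters per location class."""

    def __init__(self):
        self.failures = {"familiar": 0, "unfamiliar": 0}
        self.locked_until = {"familiar": 0.0, "unfamiliar": 0.0}
        self.recent_bad = deque(maxlen=REMEMBERED_BAD_PASSWORDS)

    def sign_in(self, now, location, password_ok, password_hash):
        """Return 'ok', 'failed' or 'locked' for one sign-in attempt."""
        if now < self.locked_until[location]:
            return "locked"
        if password_ok:
            self.failures[location] = 0
            return "ok"
        # A user retyping the same stale password does not move the counter.
        if password_hash not in self.recent_bad:
            self.recent_bad.append(password_hash)
            self.failures[location] += 1
        if self.failures[location] >= LOCKOUT_THRESHOLD:
            self.locked_until[location] = now + LOCKOUT_SECONDS
            self.failures[location] = 0
            return "locked"
        return "failed"


def simulate_guessing():
    """Constructed scenario: 12 distinct guesses from an unfamiliar location,
    then the real user signing in from a familiar one."""
    acct = SmartLockoutModel()
    attacker = [acct.sign_in(float(i), "unfamiliar", False, f"hash-{i}")
                for i in range(12)]
    user = acct.sign_in(12.0, "familiar", True, "hash-correct")
    return attacker, user


def simulate_stale_password():
    """Constructed scenario: a device retrying one old password 15 times."""
    acct = SmartLockoutModel()
    return [acct.sign_in(float(i), "familiar", False, "hash-old")
            for i in range(15)]


if __name__ == "__main__":
    print(simulate_guessing())
    print(simulate_stale_password())
```

In this model the unfamiliar-location lockout does not affect the familiar-location counter, which is why the legitimate user still signs in while the guessing source is locked out.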
The module then examined how organizations can further secure user access through conditional access policies. Conditional access policies protect regulated content by requiring users to meet certain criteria before the system grants them access to the content.