Summary


This module focused on configuring secure password policies, which is one of the most important responsibilities for an Enterprise Administrator. Organizations must ensure that access to their company data on Microsoft 365 is always secure and that the data is protected from unauthorized access.

You learned that Microsoft 365 includes various password management features that are maintained through password policies. Password policies require users to complete actions that increase password protection. These tasks can include:

  • changing passwords at specified intervals
  • creating complex passwords
  • resetting their own passwords
  • signing in with multifactor authentication

This module also examined how pass-through authentication simplifies user authentication for organizations with a hybrid Microsoft 365 deployment. Until recently, deployment and management of the locally deployed AD FS infrastructure was often too demanding and too complex for some organizations. However, Microsoft Entra pass-through authentication helps ensure that password validation for services that rely on Microsoft Entra ID is always run against an on-premises Active Directory.

This module also examined how multifactor authentication in Microsoft 365 helps increase security. Multifactor authentication requires users to provide a user name and a password, along with a second authentication method, while signing in. The second authentication method might be acknowledging a phone call, text message, or an app notification on their smartphone. If the user name, password, and second authentication method are verified, the user can sign in to Microsoft 365. You also learned that you can enable users who authenticate from a federated, on-premises directory for multifactor authentication.

You also learned about two other password management features: self-service password reset (SSPR) and smart lockout. SSPR enables users to reset their own password without requiring intervention by an administrator. Smart lockout locks out bad actors who are trying to guess users’ passwords or use brute-force methods to gain access. It can recognize sign-ins coming from valid users and treat them differently from sign-ins coming from attackers and other unknown sources. Smart lockout locks out the attackers, while letting your users continue to access their accounts and be productive.

The module concluded by examining how to further secure user access through entitlement packages and conditional access policies. Microsoft Entra entitlement management can help an organization efficiently manage access to groups, applications, and SharePoint Online sites for internal users. It can also do the same for users outside the organization who need access to those resources. Conditional access policies, on the other hand, protect regulated content by requiring certain criteria to be met before granting access to the content.