Describe the authentication capabilities of Microsoft Entra ID Flashcards
Describe phone-based authentication
Microsoft Entra ID supports two options for phone-based authentication.
1.) SMS-based authentication - uses Short Message Service (SMS), the text messaging used on mobile devices.
2.) Voice call verification - users can use voice calls but they are not supported as the primary form of authentication in Microsoft Entra ID.
Describe OATH authentication
OATH (Open Authentication) is an open standard that specifies how time-based, one-time password (TOTP) codes are generated.
1.) Software OATH tokens are typically applications. Microsoft Entra ID (MEID) generates a secret key that is input into the app.
2.) OATH TOTP hardware tokens are small hardware devices that look like a key fob and display a code that refreshes every 30-60 seconds.
These are used as secondary forms of authentication.
Describe Windows Hello for Business - passwordless authenticator
It replaces passwords with strong two-factor authentication on devices. This two-factor authentication is a combination of a key or certificate tied to a device and something that the person knows (PIN) or something that the person is (biometrics).
Windows Hello for Business can be used as a primary form of authentication and a secondary form.
Describe FIDO2 - Passwordless authenticator
Fast Identity Online (FIDO) is an open standard for passwordless authentication. FIDO2 is the latest standard that incorporates the web authentication standard and is supported by MEID. Typically USB devices are used, but Bluetooth can also be used.
This can be used as a primary and secondary form of authentication.
Describe the Microsoft Authenticator App
As a passwordless authentication method, the app can be used as a primary form of authentication to sign in to any Microsoft Entra account. Users download the app and match the number displayed on the screen to the one on the phone, then use their face or PIN to confirm.
Describe multifactor authentication
Multifactor authentication is a process in which users are prompted during the sign-in process for an additional form of identification.
Microsoft Entra multifactor authentication works by requiring:
-Something you know - password or PIN
-Something you have - phone or hardware key
-Something you are - biometrics (fingerprint or face scan)
Describe self-service password reset
Self-service password reset (SSPR) is a feature of MEID that allows users to change their password without admin help.
-SSPR reduces IT support cost
-SSPR allows users to get back to work faster
-Administrators can roll this out without disturbing employees’ sign-in.
-SSPR includes robust audit logs.
The following SSPR methods are available:
-mobile app notification or app
-email
-mobile phone
-office phone
-security questions.
Admins cannot use security questions.
Describe password protection and management capabilities
Password protection is a feature of MEID that reduces the risk of users using weak passwords. Companies can create lists of banned passwords.