Search

MC565271 – (Updated) System preferred MFA method is Generally Available (archived)

cloudscout.one Icon

check before: 2023-06-15

Product:

Azure Active Directory, Entra, Entra ID

Platform:

Developer, World tenant

Status:

Change type:

Admin impact, Feature update, Updated message

Links:

Details:

Updated June 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
In today's landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. This system prompts users to sign in with the most secure method they've registered and the one that's enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
[When this will happen:]

We will begin rolling out in early July (previously late June) and expect to complete by early August (previously late July).

Change Category:
XXXXXXX ...

Scope:
XXXXXXX ...

Release Phase:

Created:
2023-06-01

updated:
2023-07-01

the free basic plan is required to see all details. Sign up here


A cloudsocut.one plan is required to see all the changed details. If you are already a customer, choose login.
If you are new to cloudscout.one please choose a plan.


changes*

DatePropertyoldnew
2023-07-01MC MessagesUpdated June 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
In today's landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. This system prompts users to sign in with the most secure method they've registered and the one that's enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
[When this will happen:]
We will begin rolling out in early July (previously late June) and expect to complete by early August (previously late July).
Updated June 30, 2023: We have updated the rollout timeline below. Thank you for your patience.
In today's landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. This system prompts users to sign in with the most secure method they've registered and the one that's enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
[When this will happen:]

We will begin rolling out in early July (previously late June) and expect to complete by early August (previously late July).
2023-07-01MC How AffectMicrosoft managed will be rolled out as enabled. Admins will have the control to disable the feature.
Admins can enable the feature via the admin UX in the Azure Portal or GraphAPI. For example, if a user named "John Doe" registered both SMS and Microsoft Authenticator and used SMS as the default option to sign in, the system-preferred method (Authenticator) will be presented to the user once the feature is enabled.
We launched this with Microsoft-managed set to disabled. As mentioned above, we will be setting "Microsoft-managed" to enabled from the end of June 2023. While we highly encourage you to adopt this feature for your entire tenant, should you need to you can either scope the feature for a segment of your user population or disable it if necessary. The feature will ultimately be set to Microsoft-managed (enabled) for all tenants, with no option to disable it.
To ensure adequate preparation time, detailed timelines will be shared by June. Deploying this feature with the rollout controls is highly encouraged to enhance security and ensure users always use the most secure authentication method first. The feature is now available from your tenant.
Microsoft managed will be rolled out as enabled. Admins will have the control to disable the feature.
Admins can enable the feature via the admin UX in the Azure Portal or GraphAPI. For example, if a user named "John Doe" registered both SMS and Microsoft Authenticator and used SMS as the default option to sign in, the system-preferred method (Authenticator) will be presented to the user once the feature is enabled.
We launched this with Microsoft-managed set to disabled. As mentioned above, we will be setting "Microsoft-managed" to enabled from the first week of July 2023. While we highly encourage you to adopt this feature for your entire tenant, should you need to you can either scope the feature for a segment of your user population or disable it if necessary. The feature will ultimately be set to Microsoft-managed (enabled) for all tenants, with no option to disable it.

Deploying this feature with the rollout controls is highly encouraged to enhance security and ensure users always use the most secure authentication method first. The feature is now available from your tenant.
2023-07-01MC Last Updated06/27/2023 20:18:532023-06-30T17:33:11Z
2023-07-01MC prepareWe strongly recommend that tenants enable the feature.We strongly recommend that organizations enable this feature for all their users to improve their security posture.
2023-06-28MC MessagesUpdated June 8, 2023: We have updated the rollout timeline below. Thank you for your patience.
In today's landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. This system prompts users to sign in with the most secure method they've registered and the one that's enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
[When this will happen:]
We will begin rolling out in late June and expect to complete by late July.
Updated June 27, 2023: We have updated the rollout timeline below. Thank you for your patience.
In today's landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. This system prompts users to sign in with the most secure method they've registered and the one that's enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
[When this will happen:]
We will begin rolling out in early July (previously late June) and expect to complete by early August (previously late July).
2023-06-28MC Last Updated06/09/2023 08:07:022023-06-27T20:18:53Z
2023-06-09MC MessagesIn today's landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. This system prompts users to sign in with the most secure method they've registered and the one that's enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
[When this will happen:]
We will begin rolling out in mid-July and expect to complete by mid-August.
Updated June 8, 2023: We have updated the rollout timeline below. Thank you for your patience.
In today's landscape, organizations and users utilize various authentication methods with varying levels of security. Unfortunately, users often select less secure MFA methods, even when more secure options are available. This may be due to convenience, lack of awareness, or technical limitations.
To encourage the use of the strongest available method, we are introducing system-preferred authentication for MFA. This system prompts users to sign in with the most secure method they've registered and the one that's enabled by admin policy. This transition from choosing a default method to always using the most secure method will promote better security practices. If users can't use the prompted method, they can choose an alternative MFA method.
[When this will happen:]
We will begin rolling out in late June and expect to complete by late July.
2023-06-09MC TitleSystem preferred MFA method is Generally Available(Updated) System preferred MFA method is Generally Available
2023-06-09MC Last Updated06/01/2023 03:30:342023-06-09T08:07:02Z
2023-06-09MC CategoryStay InformedPlan For Change
2023-06-09MC MessageTagNamesFeature update, Admin impactUpdated message, Feature update, Admin impact

*starting April 2022

Last updated 6 months ago

Share to MS Teams

Login to your account

Welcome Back, We Missed You!