Registration Campaign is today purely used for users who have not setup an Authenticator App registration for their account yet. NOTE: If the user has already setup the Authenticator App with their account but has not set it as their primary method, the Registration Campaign functionality will not be triggered. Once the user has walked through these steps the primary authentication method is automatically change to the authenticator app.
It will keep prompting the end user each X days and will keep doing so until the end user has registered the Authenticator App for their account. So, what other options do we have today to encourage or end users today to move to the Authenticator App? Well since June this year there is a new feature called Nudge or as know today the Registration Campaign! The Registration Campaign will prompt your end users on sign-in to setup the Authenticator App if they have not done so already. This because they think it is ‘okay’ right now when using SMS or Voice, for other users it ends up as an unread item in Outlook with low priority at the bottom of a very long ‘todo’ list. Besides that, they don’t fit in to a password less strategy! Alex Weinert has written a great blog about why, which you can find here.īut how can we encourage users to start using the Authenticator App to improve the security posture of their second factor sign-in? Or even better: Make sure these users are prepped for a password less strategy? Apart from writing good instructions for your end users which they can follow to enroll within the Authenticator App, we still see that users are ignoring these messages. These last mentioned second factor methods (SMS & Voice Call) are in my opinion the least secure and least user-friendly options of all the MFA methods available today (due to for example potential SIM-hijacking). However, where we as IT administrators would rather encourage users to use the Microsoft Authenticator App, users are still choosing less modern and user-friendly scenarios to handle their second factor sign-in, such as SMS or Voice calls. Nowadays we see lots of environments being secured with Azure Multi Factor Authentication, which is great.
0 kommentar(er)
