Secure Microsoft Entra users with MFA

Password complexity rules

These rules force users to generate harder-to-guess passwords

Password expiration rules

You can force users to change their passwords on a periodic basis and avoid using previously used passwords

Self-service password reset (SSPR)

This approach allows users to self-serve and reset their password if they forget it without involving an IT department

Microsoft Entra password protection

You can block commonly used and compromised passwords by using a global banned-list

Microsoft Entra smart lockout

Smart lockout helps to lock out malicious hackers who are trying to guess your user passwords or use brute-force methods to get in. 

It recognized sign-ins coming from valid users and treats them differently than the sign-ins of malicious hackers and other unknown sources

Microsoft Entra application proxy

You can provision security-enhanced remote access to on-premises web applications

Single sign-on (SSO)

You can enable SSO access to your applications, including thousands of reintegrated SaaS apps

Microsoft Entra Connect

Create and manage a single identity for each user across your hybrid enterprise, keeping users, groups and devices in sync.

What are three elements of MFA in Microsoft Entra?

Something you know, like a password

Something you possess, like a mobile app authenticator 

Something you are, biometrics like fingerprints

How to get multifactor authentication?

Microsoft Entra ID P1 or P2 or Microsoft 365 Business

Microsoft Entra ID Free or standalone Microsoft 365 licenses

The “password” method is the only authentication method you can’t disable. True or false?

True

Which authentication methods can’t use MFA?

Security Questions and Email address

You must activate MFA for all users in the directory you enable it in. True or false?

False