课程: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Microsoft Entra ID: Authentication methods - Microsoft Security Copilot教程

课程: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Microsoft Entra ID: Authentication methods

- [Instructor] Microsoft Entra ID offers various authentication methods. Before we get into them, let's revisit the fundamental concept of authentication. What is authentication? Authentication is the process of verifying credentials. When a user accessing to a device, application, or service, the verification process uses available methods like a password or multifactor authentication to either approve or reject the user's identity. You can use a variety of authentication methods in Microsoft Entra ID. We can group them into four categories. The password has been the standard authentication method for a long time, but today relying on a password alone is considered bad practice. This is because simple passwords like a 123456 or password1 are very easy for hackers to crack. Additionally, people often reuse the same password for multiple services like banking, social media, or work accounts. If hackers breach one service, they can use the compromised passwords to access many other systems. Since the password by itself is insufficient to protect identities, the industry is moving toward multifactor authentication. Basically, you need to provide a password plus something else, like something you have or something you are. In the early implementation, the good methods are SMS, like getting a text message on your mobile phone, voice, like a receiving a phone call. But now, we have some better ways like Authenticator app to receive a push notification, OATH Software Tokens that can be installed on your mobile phone, OATH Hardware Tokens that refresh codes every 30 or 60 seconds. The best solution to password problems is not using password at all. This is called passwordless. We can use the authentication methods like Authenticator app to enable phone signing; Windows Hello, the building authentication methods on Windows devices using biometrics like facial detection and a fingerprints; FIDO2 security key, it's like a USB key protected by fingerprints or pins; and a certificate-based authentication. So to sum up the evolution of authentication methods: using a password alone is bad, the good or better approach is to use a password plus something else, and the best way is to go passwordless. Now let's look at authentication methods in the Microsoft Entra admin center. You'll see a list of available authentication methods such as FIDO2 pass key, Microsoft Authenticator, SMS, voice call, and a certificate-based authentication. You can configure the policy for an authentication method. For example, click Microsoft Authenticator. You can enable or disable it. Choose the target as either all users or select groups. You can further configure the settings of the Microsoft Authenticator app.

内容