Azure Active Directory

Enable users to sign in to Azure AD using a phone number or with an alternate email address.

Microsoft is gradually introducing multifactor authentication (MFA) for all organizational accounts in Azure Active Directory. In this article, I look at the new Security Defaults setting and how to enable it.

You can add photos to Azure Active Directory guest accounts and have Office 365 apps display those photos. But it’s a lot of work to track down suitable photos for individual guests. If you want to change the default two-initial icon displayed by Office 365, you can use PowerShell to update all guest accounts with a photo. Here’s how I handled the problem.

You can now protect your Azure Active Directory account with a 256-character password, including spaces. This news will bring much joy to Office 365 administrators and others who hated the previous 16-character limit, but please don’t rush into forcing users to change their passwords without taking the time to pause and consider how best to proceed. Longer passwords are good, but they should be only one part of a strategy to protect user accounts.

Microsoft launched the preview of Entitlement Management, a new part of their Azure Active Directory Identity Governance program. The idea is that you can manage access to resources via policy, which seems to be a good thing, especially in large organizations where objects like Office 365 Groups, SharePoint Sites, and Teams might just get a little out of hand. The preview is interesting, but like all previews, it needs some work to be ready for prime time.