There are times when you need to force one or more users to be disconnected from Microsoft 365 services like Exchange and SharePoint and block their access. When this happens, you need to complete the following tasks: block the user's sign-in; reset the user's password and force a change on next login; revoke their sessions to SharePoint and OneDrive; and revoke or remove their AzureAD authentication tokens. These tasks can be done via the GUI, but it's quicker to have a script prepared.
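The four tasks above, combined into one function as an added example (not the original author's script). It assumes the AzureAD and SharePoint Online Management Shell modules are installed and that `Connect-AzureAD` and `Connect-SPOService` have already been run; `Block-M365UserAccess` is a hypothetical name.

```powershell
# Added example. Block-M365UserAccess is a hypothetical function name.
# Assumes existing Connect-AzureAD and Connect-SPOService sessions.
function Block-M365UserAccess {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$UserPrincipalName
    )
    process {
        foreach ($upn in $UserPrincipalName) {
            # One status record per user so a partial failure is visible.
            $result = [ordered]@{
                User = $upn; SignInBlocked = $false; PasswordReset = $false
                SpoSessionsRevoked = $false; TokensRevoked = $false; Error = $null
            }
            try {
                $user = Get-AzureADUser -ObjectId $upn -ErrorAction Stop
                if (-not $PSCmdlet.ShouldProcess($upn, 'Block sign-in and revoke sessions')) { continue }

                # 1. Block sign-in first so no new sessions can be created.
                Set-AzureADUser -ObjectId $user.ObjectId -AccountEnabled $false -ErrorAction Stop
                $result.SignInBlocked = $true

                # 2. Reset to a random password that is never shown or stored,
                #    and force a change on next login.
                $bytes = New-Object byte[] 24
                $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
                $rng.GetBytes($bytes); $rng.Dispose()
                $secure = ConvertTo-SecureString ([Convert]::ToBase64String($bytes) + 'aA1!') -AsPlainText -Force
                Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $secure `
                    -ForceChangePasswordNextLogin $true -ErrorAction Stop
                $result.PasswordReset = $true

                # 3. Revoke SharePoint and OneDrive sessions.
                Revoke-SPOUserSession -User $upn -Confirm:$false -ErrorAction Stop | Out-Null
                $result.SpoSessionsRevoked = $true

                # 4. Invalidate all AzureAD refresh tokens issued to the user.
                Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId -ErrorAction Stop
                $result.TokensRevoked = $true
            }
            catch { $result.Error = $_.Exception.Message }
            [pscustomobject]$result
        }
    }
}
```

Run it with `-WhatIf` first to confirm the target accounts. Access tokens that were already issued stay valid until they expire, so review the returned status objects and the sign-in logs afterwards.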
Microsoft is currently on a path to switch services to passwordless logins, meaning we will at some point no longer require a password. This does not mean accounts will not be protected; accounts will use tokens, multi-factor authentication and authenticator apps to perform authentication. The Microsoft strategy is based on 4 steps: develop a password replacement offering; reduce the user-visible password surface area; transition into password-less deployment; and eliminate passwords from the identity directory. Right now, we still see the continued development of the replacement for passwords and the reduction of locations where we need to enter a password.
FIDO keys provide you with a hardware-based authentication device. The keys can be used on a number of different sites as well. I use the keys to protect my AzureAD login, GitHub and a few other places as well. In this section, I will go over the process to enable AzureAD. In part 1, I went over methods for PasswordLess login and set up the Microsoft Authenticator App. AzureAD Passwordless Sign in with FIDO - Part 1
FIDO keys provide you with a hardware-based authentication device. The keys can be used on a number of different sites as well. I use the keys to protect my AzureAD login, GitHub and a few other places as well. In this section I will go over the configuration for locking down a Windows 10 device. I have already gone over the process to enable AzureAD in part 1 and 2.