Roll out Conditional Access with Authentication Strength Controls

Implementation Effort: High – Requires policy updates and potentially authentication method registration programs. User Impact: High – Users may need to register or switch to stronger authentication methods.

Overview

Rolling out Conditional Access with Authentication Strength Controls in Microsoft Entra ID enables organizations to define and enforce the required strength of authentication methods for accessing specific resources. This aligns with the Zero Trust principle of Verify Explicitly by ensuring that access decisions are based on the robustness of authentication methods, such as requiring phishing-resistant credentials like Authenticator App passkeys or FIDO2 keys. By specifying authentication strengths, organizations can tailor access requirements to the sensitivity of resources, enhancing security posture. Without implementing these controls, there is a risk of inconsistent authentication requirements, potentially allowing weaker methods to access high-value resources, thereby increasing vulnerability to credential-based attacks.

Reference

• Conditional Access authentication strength
• Plan a Conditional Access deployment
• Authentication methods in Microsoft Entra ID
• Microsoft Entra Conditional Access Authentication Strength - YouTube