{"id":472,"date":"2023-07-03T09:32:17","date_gmt":"2023-07-03T01:32:17","guid":{"rendered":"https:\/\/www.ruianding.com\/blog\/?p=472"},"modified":"2023-08-31T01:51:04","modified_gmt":"2023-08-30T17:51:04","slug":"case-study-normal-user-mfa-behavior-of-azure-ad-security-default","status":"publish","type":"post","link":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/","title":{"rendered":"Normal User MFA Behavior of Azure AD Security Default"},"content":{"rendered":"\n<h4 class=\"wp-block-heading\"><strong>Issue Description:<\/strong><\/h4>\n\n\n\n<p>Customer reported he encountered an issue related to user authentication and multi-factor authentication (MFA) settings. There is a regular user and does not have any administrative privileges. The problem we faced was with the behavior of Security Defaults, which is designed to prompt normal users for MFA only when necessary.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Issue Analysis<\/strong>:<\/h4>\n\n\n\n<p>Upon reviewing the sign-in logs during the provided timestamps, we found that the user accessed the office.com application from an Australian IP address. Since this login attempt did not raise any notable risk flags, Microsoft Azure did not consider it necessary to challenge the user for MFA.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png\" alt=\"\" class=\"wp-image-473\" width=\"679\" height=\"325\"\/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Issue Explanation:<\/strong><\/h4>\n\n\n\n<p>Security Defaults is designed to enhance security by requiring MFA only when specific conditions are met. Lower risk users may not be prompted for MFA if their login attempts are not deemed notable by Microsoft. This behavior aims to balance security with usability. However, if we require more control over MFA settings, we have a few options available:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li><strong>Per-user MFA:<\/strong> Assigning administrative privileges to the user would allow us to utilize per-user MFA. This means we can individually configure MFA settings for specific users, providing more granular control.<\/li>\n\n\n\n<li><strong>Elevate users to higher risk category:<\/strong> By granting admin access to users, we can elevate their risk category, triggering MFA requirements as per our desired level of security.<\/li>\n\n\n\n<li><strong>Upgrade licenses for conditional access:<\/strong> Another option is to upgrade licenses to enable conditional access. This allows us to set specific conditions for requiring MFA, giving us more flexibility in enforcing MFA for different scenarios.<\/li>\n<\/ol>\n\n\n\n<h4 class=\"wp-block-heading\"><strong>Further Action:<\/strong><\/h4>\n\n\n\n<p>To prevent similar occurrences in the future, we suggest the following actions:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Assign administrative privileges to the user, which will grant us the ability to configure per-user MFA settings while keeping the Security Defaults in place.<\/li>\n\n\n\n<li>Alternatively, we can implement the second method, which apply the MFA to the user by per-user MFA or CA policy (Azure Premium license required). In this time, it can maintain the user&#8217;s normal properties.<\/li>\n<\/ol>\n\n\n\n<p>By implementing either of these approaches, we can ensure that MFA is appropriately enforced for the user while maintaining a balance between security and user experience.<\/p>\n\n\n\n<p>Reference: <a href=\"https:\/\/learn.microsoft.com\/en-us\/azure\/active-directory\/fundamentals\/concept-fundamentals-security-defaults\">Providing a default level of security in Azure Active Directory &#8211; Microsoft Entra | Microsoft Learn<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Issue Description: Customer reported he encountered an issue related to user authentication and multi-factor authentication (MFA) settings. There is a regular user and does not have any administrative privileges. The problem we faced was with the behavior of Security Defaults, which is designed to prompt normal users for MFA only when necessary. Issue Analysis: Upon [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_themeisle_gutenberg_block_has_review":false,"footnotes":""},"categories":[32,34],"tags":[],"class_list":["post-472","post","type-post","status-publish","format-standard","hentry","category-aad-general","category-mfa"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Normal User MFA Behavior of Azure AD Security Default - \u6781\u7b80IT\uff5cSimpleIT<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Normal User MFA Behavior of Azure AD Security Default - \u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"og:description\" content=\"Issue Description: Customer reported he encountered an issue related to user authentication and multi-factor authentication (MFA) settings. There is a regular user and does not have any administrative privileges. The problem we faced was with the behavior of Security Defaults, which is designed to prompt normal users for MFA only when necessary. Issue Analysis: Upon [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/\" \/>\n<meta property=\"og:site_name\" content=\"\u6781\u7b80IT\uff5cSimpleIT\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-03T01:32:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-08-30T17:51:04+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png\" \/>\n<meta name=\"author\" content=\"Ruian Ding\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ruian Ding\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/\"},\"author\":{\"name\":\"Ruian Ding\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"headline\":\"Normal User MFA Behavior of Azure AD Security Default\",\"datePublished\":\"2023-07-03T01:32:17+00:00\",\"dateModified\":\"2023-08-30T17:51:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/\"},\"wordCount\":379,\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png\",\"articleSection\":[\"AAD General\",\"MFA\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/\",\"name\":\"Normal User MFA Behavior of Azure AD Security Default - \u6781\u7b80IT\uff5cSimpleIT\",\"isPartOf\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png\",\"datePublished\":\"2023-07-03T01:32:17+00:00\",\"dateModified\":\"2023-08-30T17:51:04+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png\",\"width\":887,\"height\":425},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.ruianding.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Normal User MFA Behavior of Azure AD Security Default\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#website\",\"url\":\"https:\/\/www.ruianding.com\/blog\/\",\"name\":\"Ruian's Tech Troubleshooting Toolbox\",\"description\":\"Debug the World.\",\"publisher\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\"},\"alternateName\":\"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":[\"Person\",\"Organization\"],\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b\",\"name\":\"Ruian Ding\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"contentUrl\":\"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png\",\"width\":284,\"height\":284,\"caption\":\"Ruian Ding\"},\"logo\":{\"@id\":\"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/\"},\"description\":\"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.\",\"sameAs\":[\"https:\/\/www.ruianding.com\"],\"url\":\"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Normal User MFA Behavior of Azure AD Security Default - \u6781\u7b80IT\uff5cSimpleIT","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/","og_locale":"en_US","og_type":"article","og_title":"Normal User MFA Behavior of Azure AD Security Default - \u6781\u7b80IT\uff5cSimpleIT","og_description":"Issue Description: Customer reported he encountered an issue related to user authentication and multi-factor authentication (MFA) settings. There is a regular user and does not have any administrative privileges. The problem we faced was with the behavior of Security Defaults, which is designed to prompt normal users for MFA only when necessary. Issue Analysis: Upon [&hellip;]","og_url":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/","og_site_name":"\u6781\u7b80IT\uff5cSimpleIT","article_published_time":"2023-07-03T01:32:17+00:00","article_modified_time":"2023-08-30T17:51:04+00:00","og_image":[{"url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png","type":"","width":"","height":""}],"author":"Ruian Ding","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Ruian Ding","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#article","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/"},"author":{"name":"Ruian Ding","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"headline":"Normal User MFA Behavior of Azure AD Security Default","datePublished":"2023-07-03T01:32:17+00:00","dateModified":"2023-08-30T17:51:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/"},"wordCount":379,"publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png","articleSection":["AAD General","MFA"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/","url":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/","name":"Normal User MFA Behavior of Azure AD Security Default - \u6781\u7b80IT\uff5cSimpleIT","isPartOf":{"@id":"https:\/\/www.ruianding.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage"},"image":{"@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage"},"thumbnailUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png","datePublished":"2023-07-03T01:32:17+00:00","dateModified":"2023-08-30T17:51:04+00:00","breadcrumb":{"@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#primaryimage","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/07\/image-2.png","width":887,"height":425},{"@type":"BreadcrumbList","@id":"https:\/\/www.ruianding.com\/blog\/case-study-normal-user-mfa-behavior-of-azure-ad-security-default\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.ruianding.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Normal User MFA Behavior of Azure AD Security Default"}]},{"@type":"WebSite","@id":"https:\/\/www.ruianding.com\/blog\/#website","url":"https:\/\/www.ruianding.com\/blog\/","name":"Ruian's Tech Troubleshooting Toolbox","description":"Debug the World.","publisher":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b"},"alternateName":"\u4e01\u777f\u5b89\u7684\u6280\u672f\u5206\u4eab\u535a\u5ba2","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.ruianding.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":["Person","Organization"],"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/440d88575b7dc819a4cefc8c4199db3b","name":"Ruian Ding","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","contentUrl":"https:\/\/www.ruianding.com\/blog\/wp-content\/uploads\/2023\/05\/logo.png","width":284,"height":284,"caption":"Ruian Ding"},"logo":{"@id":"https:\/\/www.ruianding.com\/blog\/#\/schema\/person\/image\/"},"description":"I am currently a Support Specialist at NIO, focusing on cloud-related issues for NIO Power. Previously, at Microsoft Entra ID, I specialized in identity and access management (IAM), including device registration, Windows Hello for Business (WHfB), multi-factor authentication (MFA), and single sign-on (SSO). In addition to my core expertise, I have a strong foundation in Active Directory, Servers, Cloud Computing, Network Administration, and Front-end Web Development. This diverse technical skill set enables me to effectively handle a wide range of challenges in a fast-paced IT environment.","sameAs":["https:\/\/www.ruianding.com"],"url":"https:\/\/www.ruianding.com\/blog\/author\/ruiand\/"}]}},"_links":{"self":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/comments?post=472"}],"version-history":[{"count":2,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/472\/revisions"}],"predecessor-version":[{"id":861,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/posts\/472\/revisions\/861"}],"wp:attachment":[{"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/media?parent=472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/categories?post=472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ruianding.com\/blog\/wp-json\/wp\/v2\/tags?post=472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}