So last weeks release was already a little spoiler to this one. We knew we had to wait on Microsoft so we made you all expect the unexpected.
Microsoft and our team has been working closely on this for the past 6 months, having hard discussions with Microsoft on needs and creating an API isn't always the easiest, but thanks to @microsoft and specifically Luc van der Ende at Microsoft it is now possible to use CIPP to control per user MFA. This is an amazing feature and worthy of an in between release.
Per user MFA Explained
Per user MFA is a legacy method of MFA that many tenants still use, it has no license requirements and is free to use for anyone. It used to be managed via the Microsoft MSOL module which is now gone. Thanks to our hard work this has been converted to a Graph API by Microsoft.
Per User MFA is on a deprecation path, but currently is still the only way for you to use MFA for each logon when you do not have Conditional Access Available. CIPP introduces management of per user MFA in multiple ways:
Reports
The CIPP MFA report has been updated to include per user MFA, Now you know that as long as one of the checkboxes are green, your users are protected by some form of MFA
User Settings
It's pretty useless to report on something, and then not set it right? We've added the set per user MFA option to the users flyout. Select a user, set their MFA.
Of course that's also available as a bulk option, so you can set it for multiple users in one go.
Standard
Of course you don't want to keep checking which users have MFA and which do not. You can set the new Per User MFA standard. This standard allows you to set up MFA for all users that are missing it, report on it in our reporting engine, or alert on it when you need to know what's going on.
Other notable changes
- Fixed an issue with exchange sometimes using the incorrect domain
- Fixed an issue with SAM Wizard not completing without a hard refresh
- Fixed an issue with blocked domains blocking access everywhere.
Sponsors
We extend our gratitude to our supporters at https://renroros.no, https://immy.bot/, https://oit.co/, https://ninjaone.com/, Huntress at https://huntress.com/, https://halopsa.com/, https://www.deskdirector.com/, https://hudu.com/, our friends at https://www.meetgradient.com, https://rewst.io and our newest sponsor, https://traceless.io and of course https://augmentt.com!
What's Changed
- MalwareFilterPolicy Standard typo quickfix by @OfficialEsco in #2537
- Per user mfa actions by @JohnDuprey in #2550
- Dev to Special Release by @KelvinTegelaar in #2557
Full Changelog: v5.8.0...v5.8.5