The Random Exploits of a Frustrated Engineer

What does a hardware key do? Hardware keys provide another method of authentication beyond SMS messages, authenticator app notifications, and authenticator app codes. They give users the ability to login securely to a service that supports Multi-factor Authentication (MFA) without the necessity of using one of the methods mentioned above. Why might I need a hardware key? Some users may not wish to install what they consider company apps on their own mobile phone, therefore they may not wish to install an authenticator app to allow or deny access through MFA. If users are not required to have a corporate owned mobile phone, the hardware tokens provide a cheap and easy alternative to provide MFA authorisation.  What does a hardware token look like? There are different types of hardware keys for different scenarios, but this is a good example of a cheap and effective hardware key. This was purchased from Token2 direct ( https://www.token2.com ) for around 22 Euros and comes highly recomme

Learning To get the most out of this article, I would recommend building out a trial policy whilst reading. Do this on a test tenancy. If you don’t have one, sign up for a free trial on this link: https://portal.office.com/Signup?OfferId=B07A1127-DE83-4a6d-9F85-2C104BDAE8B4&dl=ENTERPRISEPACK&ali=1   What is it? Conditional Access (CA) is, as the name suggests, a way of controlling access to your Azure and Microsoft 365 data and services based on a set of conditions. These can be conditions such as “Sign-in risk” , “Device platforms” , “Locations” - which can be inside or outside the network or can be applied to a specific location, “Client apps” - what client apps are being used, and the “Device state” which can include states such a “non-compliant”/”compliant” and whether or not the device is “Azure AD joined” .  You might think that it all sounds a little bit complicated. It can be, I will not lie, but I intend to take you through Conditional Access and demystify the proc