Using Conditional Access with Authentication Flows
Some authentication flows are more susceptible to phishing attacks and abuse like the device code flow. Now we can block them with conditional access.
🔎 Looking for content on a particular topic? Search the channel. If I have something it will be there!
▬▬▬▬▬▬ C H A P T E R S ⏰ ▬▬▬▬▬▬
00:00 - Introduction
00:30 - Device code flow
02:31 - Phishing the auth flow
03:47 - Authentication transfer
04:28 - Protecting with conditional access
05:16 - Where are authentication flows being used?
06:42 - Creating a CA policy
07:57 - Demo of block
10:18 - Summary
▬▬▬▬▬▬ Want to learn more? 🚀 ▬▬▬▬▬▬
📖 Recommended Learning Path for Azure
🔗 learn.onboardtoazure.com
🥇 Certification Content Repository
🔗 github.com/johnthebrit/Certif...
📅 Weekly Azure Update
🔗 • Azure Infrastructure U...
☁ Azure Master Class
🔗 • Microsoft Azure Master...
⚙ DevOps Master Class
🔗 • DevOps Master Class
💻 PowerShell Master Class
🔗 • PowerShell Master Class
🎓 Certification Cram Videos
🔗 • Microsoft Certificatio...
🧠 Mentoring Content
🔗 • Virtual Mentoring
❔ Questions? Maybe I answered it in my FAQ
🔗 savilltech.com/faq
👕 Cure Childhood Cancer Charity T-Shirt Channel Store
🔗 johns-t-shirts-store.creator-...
👂 Enable the subtitles and from there you can translate to your native language via the auto-translate feature in settings! • KZhead Captions and A... for a demo of using this feature.
SUBSCRIBE ✅ / @ntfaqguy
#microsoft #azure #johnsavillstechnicaltraining
Hey everyone, let's help protect when we are doing remote authentication! Please make sure to read the description for the chapters and key information about this video and others. ⚠ P L E A S E N O T E ⚠ 🔎 If you are looking for content on a particular topic search the channel. If I have something it will be there! 🕰 I don't discuss future content nor take requests for future content so please don't ask 😇 🤔 Due to the channel growth and number of people wanting help I no longer can answer or even read questions and they will just stay in the moderation queue never to be seen so please post questions to other sites like Reddit, Microsoft Community Hub etc. 👂 Translate the captions to your native language via the auto-translate feature in settings! kzhead.info/sun/qZmbZZdlh5l7oIE/bejne.html for a demo of using this feature. Thanks for watching! 🤙
Best Azure related content on KZhead. Chapeau bas.
always a great place to learn most up-to-date Microsoft Cloud lessons . Thank for great work!
Conditional access has to be one of the best features of entra
Agree 100%
Thanks John… learning is fun watching your videos 😊
Happy to hear that!
Great content, John. Thanks for sharing.
Glad you enjoyed it
Thank you!
Welcome!
Nice 👌
Good Morning John
Howdy :-D
So is DCF something that we should consider blocking now (like sms for mfa)? Or is this just a new capability in case we need to do something with it? I know I've used device codes here and there for various things but can't recall what (my 1 month logs don't show anything).
There are still a few scenarios as I mentioned but its less frequent and block where you can.
@@NTFAQGuy Understood, thanks!
Is this a P2 feature or P1?
CA is P1
Is this still a private preview feature?? I'm not seeing authentication flows available...
no but its rolling out.
Thanks! Can i ask how you keep up-to-date with changes released.. this one kind of worried me as, in my eyes, effectively decreases security by allowing device based...Phishable authentication flow.. and only way to block it is manual intervention with CA policy. @@NTFAQGuy
Device code flow has been around for many years, its not new. The ability to restrict is new. I've talked about staying up-to-date in a number of the AMAs on this channel but I try to cover main things in my weekly update.
@NTFAQGuy Thanks, John. appreciate the feedback. Sorry to bother you :-)
Thank you so much for contributed
Is this on by default and needs to be locked down?
Yes
nice, thanks again for insight